silversurfer

Level 59
Verified
Trusted
Content Creator
Malware Hunter
Threat actors are still taking advantage of the ongoing COVID-19 global outbreak by attempting to drop Remcos RAT and malware payloads on their targets' computers via malicious files that promise to provide Coronavirus safety measures.

Yoroi researchers recently spotted a suspicious CoronaVirusSafetyMeasures_pdf.exe executable after it was submitted to their free Yomi Hunter sandbox-based file analysis service.

While the infection vector used by the attackers is not yet known, the most probable method of dissemination is a phishing campaign that would deliver it as an email attachment.

RAT used to steal keystrokes

As the Yoroi research team later discovered, the executable is an obfuscated Remcos RAT dropper that would drop a Remcos RAT executable on the compromised computer, together with a VBS file designed to run the RAT. [....]
 

plat1098

Level 17
Verified
Time-stamped April 8, 2020 (today). Still going strong.


These Threat Actors are scums of the earth and need justice brought against them
One recent tactic is to exploit people's need and anxious waiting for the government-issued stimulus checks. In the CISA article, you can see one way of how this is done. Making it so tempting, these beyond-criminals preying on people's financial desperation. (n)
 
Top