silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
Researchers from Cofense have discovered a new malspam campaign that delivers fake eFax messages designed to drop a banking Trojan and RAT cocktail via malicious Microsoft Word document attachments.
The phishing emails that impersonate eFax messages include ZIP archived XLS Microsoft Excel documents with a macro designed to download and launch Dridex and Remote Manipulator System Remote Access Tool (RMS RAT) malicious payloads.
The attackers use the two payloads to perform different tasks: the Dridex banking Trojan to collect credentials from web browsers and to exfiltrate them to their own servers, and the RMS RAT for managing the infected computers.
Cofense's research team also added that "And having both available provides a backup communication channel in case one of the malware families is detected and removed."
Phishing email sample
Double Duty: Dridex Banking Malware Delivered with RMS RAT - Cofense
Cofense IntelligenceTM analyzes millions of emails and malware samples each day to alert organizations to emerging phishing threats. Thanks to our expansive
cofense.com