Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,178
Content source
https://thehackernews.com/2023/07/fruity-trojan-uses-deceptive-software.html
Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT.

"Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps," cybersecurity vendor Doctor Web said in an analysis. "Such installers are used as a decoy and contain not only the software potential victims are interested in, but also the trojan itself with all its components."

The exact initial access vector used in the campaign is unclear but it could potentially range from phishing to drive-by downloads to malicious ads. Users who land on the fake site are prompted to download a ZIP installer package.

The installer, besides activating the standard installation process, stealthily drops the Fruity trojan, a Python-based malware that unpacks an MP3 file ("Idea.mp3") to load an image file ("Fruit.png") to activate the multi-stage infection.

"This image file uses the steganography method to hide two executables (.dll libraries) and the shellcode for the next-stage initialization inside it," Doctor Web said.

Fruity is also designed to bypass antivirus detection on the compromised host and ultimately launch the Remcos RAT payload using a technique called process doppelgänging.
Click to expand...
 
  • Like
  • +Reputation
  • Wow
Reactions: plat, vtqhtr413, brambedkar59 and 5 others
cartaphilus

cartaphilus

Level 5
Mar 17, 2023
202
The use of stenography to hide an infectious executable within a picture of a fruit is a complex and sophisticated technique. If only that mental power could be used for the betterment of humanity, imagine what we could accomplish as a collective!

And of all the vendors it was Dr. Web who detected it!??? I think of Dr. Web on the same terms as Dr. Nick from Simpsons.
 
Xeno1234

Xeno1234

Level 14
Jun 12, 2023
699
cartaphilus said:
The use of stenography to hide an infectious executable within a picture of a fruit is a complex and sophisticated technique. If only that mental power could be used for the betterment of humanity, imagine what we could accomplish as a collective!

And of all the vendors it was Dr. Web who detected it!??? I think of Dr. Web on the same terms as Dr. Nick from Simpsons.
Click to expand...
If Dr Web got it, high chance Kaspersky nags with at least in some way.
 
You must log in or register to reply here.

Similar threads

Bot
    • Like
    • +Reputation
Security News New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT
Replies
0
Views
891
Security News
Bot
Bot
silversurfer
    • Like
    • +Reputation
    • Thanks
RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks
Replies
1
Views
712
News Archive
Andy Ful
Andy Ful
silversurfer
    • Like
    • +Reputation
Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps
Replies
0
Views
506
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top