New WSH RAT Malware Targets Bank Customers with Keyloggers

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/new-wsh-rat-malware-targets-bank-customers-with-keyloggers/

Security researchers have discovered an ongoing phishing campaign distributing a new remote access trojan (RAT) and actively targeting commercial banking customers with keyloggers and information stealers.

The new malware, dubbed WSH Remote Access Tool (RAT) by its creator, is a variant of the VBS (Visual Basic Script) based Houdini Worm (H-Worm) first created and spread in 2013.

Besides being ported to JavaScript and using a different User-Agent string and delimiter character when communicating with its command-and-control (C2) server, WSH RAT is basically identical to H-Worm.

"WSH is likely a reference to the legitimate Windows Script Host, which is an application used to execute scripts on Windows machines," according to Cofense's research team, the ones which discovered the new RAT.

Houdini Worm Transformed in New Phishing Attack - Cofense

The Houdini worm has transformed into a new phishing attack. Stay informed and stay protected with Cofense's insights and tips.

cofense.com