silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
Security researchers have discovered an ongoing phishing campaign distributing a new remote access trojan (RAT) and actively targeting commercial banking customers with keyloggers and information stealers.
The new malware, dubbed WSH Remote Access Tool (RAT) by its creator, is a variant of the VBS (Visual Basic Script) based Houdini Worm (H-Worm) first created and spread in 2013.
Besides being ported to JavaScript and using a different User-Agent string and delimiter character when communicating with its command-and-control (C2) server, WSH RAT is basically identical to H-Worm.
"WSH is likely a reference to the legitimate Windows Script Host, which is an application used to execute scripts on Windows machines," according to Cofense's research team, the ones which discovered the new RAT.
Houdini Worm Transformed in New Phishing Attack - Cofense
The Houdini worm has transformed into a new phishing attack. Stay informed and stay protected with Cofense's insights and tips.
cofense.com