Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K.
Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started on April 26, 2022.

"The newly identified Nerbian RAT leverages multiple anti-analysis components spread across several stages, including multiple open-source libraries," Proofpoint researchers said in a report shared with The Hacker News.

"It is written in operating system (OS) agnostic Go programming language, compiled for 64-bit systems, and leverages several encryption routines to further evade network analysis."

The messages, amounting to less than 100 in number, purport to be from the World Health Organization about safety measures related to COVID-19, urging potential victims to open a macro-laced Microsoft Word document to access the "latest health advice."
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top