Threat actors target aviation orgs with new malware

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,172
Content source
https://www.bleepingcomputer.com/news/security/microsoft-threat-actors-target-aviation-orgs-with-new-malware/
Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader.

"In the past few months, Microsoft has been tracking a dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT," Microsoft said.

Attackers' phishing emails spoof legitimate organizations and use image lures posing as PDF documents containing info relevant to several industry sectors, including aviation, travel, and cargo.

As Microsoft observed while tracking this campaign, the threat actors' end goal is to harvest and exfiltrate data from infected devices using the RATs' remote control, keylogging, and password-stealing capabilities.
Click to expand...
The newly discovered loader monetized under a Crypter-as-a-Service model, named Snip3 by Morphisec malware analysts, is used to drop Revenge RAT, AsyncRAT, Agent Tesla, and NetWire RAT payloads on compromised systems.

Links abusing legitimate web services and embedded within the phishing messages download the first-stage VBScript VBS files that execute a second-stage PowerShell script which in turn executes the final RAT payload using Process Hollowing.
Click to expand...
www.bleepingcomputer.com

Microsoft: Threat actors target aviation orgs with new malware

Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
Reactions: Venustus, Gandalf_The_Grey, Der.Reisende and 4 others
You must log in or register to reply here.

Similar threads

Bot
    • Like
    • +Reputation
Security News New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT
Replies
0
Views
885
Security News
Bot
Bot
[correlate]
    • Like
    • +Reputation
Microsoft Teams phishing attack pushes DarkGate malware
Replies
0
Views
1,503
News Archive
[correlate]
[correlate]
silversurfer
    • Like
    • +Reputation
DarkGate Operator Uses Skype, Teams Messages to Distribute Malware
Replies
0
Views
1,205
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top