VCURMS and STRRAT Remote Access Trojans Delivered Through Phishing Emails
Researchers discovered a phishing campaign distributing a malicious Java downloader aiming to disseminate new VCURMS and STRRAT remote access trojans (RATs). The attackers utilized public services like Amazon Web Services (AWS) and GitHub to store malware and employed a commercial protector to evade detection. They utilized email for command and control with the recipient endpoint using Proton Mail for privacy protection. Phishing emails targeted staff claiming a pending payment and urging them to verify payment details by clicking a button which triggers the download of a harmful JAR file from AWS. The downloaded files were disguised as typical phishing attachments with spoofed names to lure recipients into opening them.