VCURMS and STRRAT Remote Access Trojans Delivered Through Phishing Emails

Researchers discovered a phishing campaign that distributes a malicious Java downloader in order to deliver the new VCURMS and STRRAT remote access trojans (RATs). The attackers stored the malware on public services such as Amazon Web Services (AWS) and GitHub and used a commercial protector to evade detection. They used email for command and control, with the receiving endpoint using Proton Mail for privacy protection. The phishing emails targeted staff, claiming that a payment was pending and urging recipients to verify the payment details by clicking a button, which triggers the download of a harmful JAR file from AWS. The downloaded files were disguised as typical phishing attachments, with spoofed names to lure recipients into opening them.