• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   RAT

Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
  • Posted on:July 18, 2019 at 5:01 am
  • Posted in:Malware, Spam, Targeted Attacks
  • Author:
    Trend Micro
0

We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia. This blog post covers the activities we observed, the remote access tools (RATs) used, the campaign’s techniques and procedures, and its indicators of compromise (IoCs). Our findings indicate that the campaign appears to be the work of a group involved in business email compromise (BEC) or cybercrime, and unlikely to be an advanced persistent threat (APT).

Read More
Tags: C&CRATVisual BasicXpert RAT

Lost Door RAT: Accessible, Customizable Attack Tool
  • Posted on:May 3, 2016 at 12:00 pm
  • Posted in:Malware, Targeted Attacks
  • Author:
    Janus Agcaoili (Threat Response Engineer)
0

We recently came across a cyber attack that used a remote access Trojan (RAT) called Lost Door, a tool currently offered on social media sites. What also struck us the most about this RAT (detected as BKDR_LODORAT.A) is how it abuses the Port Forward feature in routers. Using this feature enables remote systems to connect to a specific computer or service within a private local-area network (LAN). However, when used maliciously, this feature allows remote attackers to mask their activities in the network and avoid immediate detection. Because this RAT is easy to customize, even knowledge of the indicators of compromise (which may change as a result) may not be sufficient in thwarting the threat. Easily customizable RATs like Lost Door can be hard to detect and protect against, posing a challenge to IT administrators.

Read More
Tags: Lost Door RATRATunderground cybercrimeunderground market

Nigerian Cuckoo Miner Campaign Takes Over Legitimate Inboxes, Targets Banks
  • Posted on:October 1, 2015 at 5:00 am
  • Posted in:Malware
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

When it comes to threat investigations, we often treat the malicious binary as the smoking gun or the crown jewel of the investigation. However, examining the other components can produce the bigger picture that will be far more detailed than simply focusing on the binary.

By looking beyond one malicious file, we were able to determine that a slew of seemingly unrelated phishing emails were in fact, part of a campaign targeting banks and financial institutions across the globe. The attackers used other banks’ email accounts to send the phishing emails to their targeted banks in order to gain access and remotely control their computers. We are calling this campaign “Cuckoo Miner.” The attackers’ method of taking over legitimate inboxes to prey on victims echoes the cuckoo’s distinct act of tricking other birds into raising its chick by taking over their nests.

Read More
Tags: 419 scamarablabcarbanakCuckoo MinerDARKSUNnigerian scamphishingRAT

The Blackshades RAT – Entry-Level Cybercrime
  • Posted on:May 26, 2014 at 12:05 am
  • Posted in:Malware
  • Author:
    Rhena Inocencio (Threat Response Engineer)
0

Earlier this week the US government announced the arrest of more than 100 individuals linked to the Blackshades remote access Trojan (RAT). While most of those arrested were merely users of this RAT, the arrests included its co-creator, a 24-year-old Swede named Alex Yücel. Also arrested was a 23-year-old American named Brendan Johnston, who was involved in…

Read More
Tags: BlackshadescybercrimeMalwareRATremote access too

Old Java RAT Updates, Includes Litecoin Plugin
  • Posted on:April 16, 2014 at 12:00 pm
  • Posted in:Malware, Spam
  • Author:
    Mark Joseph Manahan (Threat Response Engineer)
0

Out with the old, in with the new? When it comes to cybercrime, that’s rarely the case. We often seen old malware get upgrades with new techniques, payloads, and even targets. This is certainly the case for an old Java remote access Trojan (RAT) detected as JAVA_OZNEB.B. Users may encounter this threat as an attachment…

Read More
Tags: JavaMalwareRATSpam
Page 1 of 212

Security Predictions for 2019

  • Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape. We have categorized them according to the main areas that are likely to be affected, given the sprawling nature of the technological and sociopolitical changes under consideration.
    Read our security predictions for 2019.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
  • Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks
  • Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns
  • AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs
  • SLUB Gets Rid of GitHub, Intensifies Slack Use

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.