RAT on the Loose in Asia, Europe

Friday, August 16, 2013 @ 05:08 PM gHale

A targeted attack is in progress against high-profile organizations in Asia and Europe, focusing on companies in the mining, telecoms, finance and government sectors, researchers said.

The attackers use emails with titles such as “Obama Releases Three Declassified Spying Docs,” “U.S. Consul General Hart Arrives in Hong Kong” or “UK-Northern Ireland-Japan InfoSec Agreement” to trick recipients into installing a new version of the Java remote access tool (RAT) known as Frutas (Backdoor.Opsiness), said researchers at Symantec.


The malicious emails come with two files attached: a PDF document used as a decoy, and a .jar file that hides the RAT.

Once the .jar file executes, the threat starts harvesting the infected device’s MAC and IP addresses, username, location, operating system information, and Java version. Then, it connects to a command and control (C&C) server.

The main goal of the RAT is to gather intelligence for future targeted attacks.

Symantec said it’s seeing a growing trend in the use of Frutas for targeted attacks.
