
Ozone RAT Spread in Massive Spam Campaign

A new spam campaign delivering the Ozone RAT has been detected, targeting German-speaking users. The attack spreads via malicious Office documents. However, instead of the familiar macro malware, the operation ends with the installation of Ozone.

Interestingly, users are not prompted to enable macros in Word documents but are instead “invited” to double-click on a thumbnail image, which eventually executes malicious JavaScript. This is an old technique which hasn’t been used in a while.

A Closer Look into the Ozone RAT Spam Campaign

Researchers at Fortinet have reported that the email subject contains billing information for a “Cable” service, and the attachment contains a Microsoft Word document. Naturally, neither of those has anything to do with a real cable service.

As already said, embedded in the document is a JavaScript file with a small thumbnail of what is presented as the victim’s cable bill. The image comes with the classic instruction to double-click it to see it in full size. If the potential victim is tricked into doing so, the malicious JavaScript is executed, and the next step in the infection chain is triggered.

The malicious JavaScript first installs a fake SSL certificate, then points the proxy settings of Internet Explorer, Chrome, and Mozilla browsers at a remote Proxy Auto Config (PAC) file. The address of the PAC file is a Tor URL (Tor being a tool that allows people to communicate anonymously on the Internet), randomly selected from the script’s hard-coded configuration.

Another not-so-typical component of the attack is that the malicious PAC file, although hosted at a Tor URL, is reached via a Tor2Web proxy service such as onion(.)to, so the victim’s browser needs no Tor client to fetch it.
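For defenders, the persistent artefact of this chain is a browser PAC URL pointing at a Tor hidden service exposed through a Tor2Web gateway. The following is an added example (not code from the article or from Fortinet) that pulls PAC URLs out of a Firefox prefs.js fragment and a WinINET registry export and flags hosts of the form <onion-address>.onion.<gateway>; the sample inputs are constructed, and onion.to is the gateway named above.

```python
import re
from urllib.parse import urlparse

# Constructed sample artefacts (not taken from the article): a Firefox prefs.js
# fragment, a registry export of the WinINET Internet Settings key, and a benign
# corporate PAC setting for comparison.
FIREFOX_PREFS = '''
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://abcdefghijklmnop.onion.to/proxy.pac");
'''
IE_REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"="http://qrstuvwxyz234567.onion.to/wpad.dat"
"ProxyEnable"=dword:00000000
'''
CORPORATE_PAC = '''
user_pref("network.proxy.autoconfig_url", "http://proxy.corp.example/proxy.pac");
'''

# Where each browser family stores its PAC URL in the artefacts above.
PAC_PATTERNS = [
    re.compile(r'"network\.proxy\.autoconfig_url",\s*"([^"]+)"'),  # Firefox prefs.js
    re.compile(r'"AutoConfigURL"="([^"]+)"'),                       # IE/WinINET registry value
]

# A hidden service reached through a Tor2Web gateway has a hostname such as
# <16- or 56-char base32 label>.onion.<gateway domain>; a bare .onion host is
# flagged as well, since no normal PAC should live there either.
TOR2WEB_HOST = re.compile(r'(^|\.)[a-z2-7]{16,56}\.onion(\.|$)')


def extract_pac_urls(text):
    """Return every PAC URL found in a prefs.js or registry-export style text."""
    urls = []
    for pattern in PAC_PATTERNS:
        urls.extend(pattern.findall(text))
    return urls


def is_tor2web_pac(url):
    """True if the PAC URL's host is a .onion address, with or without a Tor2Web suffix."""
    host = (urlparse(url).hostname or "").lower()
    return bool(TOR2WEB_HOST.search(host))


def suspicious_pac_urls(text):
    """PAC URLs in the text that point at a Tor hidden service."""
    return [u for u in extract_pac_urls(text) if is_tor2web_pac(u)]


if __name__ == "__main__":
    for name, blob in [("firefox", FIREFOX_PREFS), ("ie", IE_REG_EXPORT), ("corp", CORPORATE_PAC)]:
        print(name, suspicious_pac_urls(blob))
```

A fake root certificate installed alongside such a PAC lets the proxy operator intercept HTTPS, so a hit here should trigger a review of the machine’s trusted root store as well.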

The final stage of the whole scenario is the installation of a copy of the Ozone RAT. The RAT was first detected more than a year ago. Currently, it’s being sold online for the price of $20 for a standard package and $50 for a platinum package.

Why is the whole operation carried out?

The cyber criminals’ end goal is to connect to the local copy installed on the victim’s system and search for sensitive information. This is not surprising, as a set of spy components is advertised to be part of the Trojan, such as a keylogger, a password dumper, a hidden startup routine, the ability to hide its process, the ability to download and execute other files, and a remote desktop feature.

“With RAT applications like Ozone, one does not need to be an expert to create and distribute malware. Anyone can buy Ozone from their websites, or simply download ‘modified’ versions, like what we used in our tests for this article,” the Fortinet researchers conclude.

Milena Dimitrova
