
Ozone RAT Spread in Massive Spam Campaign

A new spam campaign delivering the Ozone RAT has been detected targeting German-speaking users. The attack is spread through malicious Office documents. However, instead of the well-known macro malware, the operation ends with the installation of Ozone.

Interestingly, users are not prompted to enable macros in Word documents but are instead "invited" to double-click on a thumbnail image, which eventually executes malicious JavaScript. This is an old technique which hasn't been used in a while.

A Closer Look into the Ozone RAT Spam Campaign

Researchers at Fortinet have reported that the email subject contains billing information for a "Cable" service, and the attachment contains a Microsoft Word document. Needless to say, neither of those has anything to do with a real cable service.

As already mentioned, attached to the document is a JavaScript file with a small thumbnail of what is presented as the victim's cable bill. The image comes with the classic instruction to double-click it to see it in full size. If the potential victim is tricked into doing so, the malicious JavaScript is executed, and the next step in the infection chain is triggered.

The malicious JavaScript begins by installing a fake SSL certificate, then sets the proxy settings of Internet Explorer, Chrome, and Mozilla browsers to a remote Proxy Auto Config (PAC) file. The address of the PAC file is a Tor URL (Tor being a tool that allows people to communicate anonymously on the Internet) that is randomly selected from the script's hard-coded configuration.

Another not-so-typical component of the attack is the hosting of the malicious PAC file on a Tor URL via a Tor2Web proxy service such as onion(.)to.
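A defender-side check for the proxy hijack described above, written as an added example (not code from the article or from Fortinet): it parses a constructed Firefox prefs.js fragment, extracts the PAC URL that network.proxy.type=2 points to, and flags hostnames that end in .onion or in a Tor2Web gateway suffix. The gateway suffix list and the sample prefs content are assumptions; the same URL check applies to a PAC address pulled from any other browser's configuration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a Firefox prefs.js fragment (not from the real campaign).
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://abcdefghijklmnop.onion.to/proxy.pac");
"""

# Assumed gateway suffix list: the article names onion(.)to; extend for your environment.
TOR2WEB_SUFFIXES = (".onion.to",)

# Matches user_pref("key", value); where value is a quoted string, bool or integer.
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*("(?:[^"\\]|\\.)*"|[^)]+)\);')


def parse_prefs(text):
    """Return a dict of preference name -> typed value from prefs.js text."""
    prefs = {}
    for m in PREF_RE.finditer(text):
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            prefs[key] = int(raw)
    return prefs


def pac_url_is_suspicious(url):
    """True if the PAC host is a Tor hidden service or a Tor2Web gateway."""
    host = (urlsplit(url).hostname or "").lower()
    return host.endswith(".onion") or host.endswith(TOR2WEB_SUFFIXES)


def check_firefox_prefs(text):
    """Return None when no PAC proxy is configured, else the URL and a verdict."""
    prefs = parse_prefs(text)
    url = prefs.get("network.proxy.autoconfig_url")
    if prefs.get("network.proxy.type") != 2 or not url:
        return None
    return {"pac_url": url, "suspicious": pac_url_is_suspicious(url)}


if __name__ == "__main__":
    print(check_firefox_prefs(SAMPLE_PREFS))
```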

The final stage of the whole scenario is the installation of a copy of the Ozone RAT. The RAT was first detected more than a year ago. Currently, it is being sold online for the price of $20 for a standard package and $50 for a platinum package.

Why is the whole operation carried out?

The cyber criminals' end goal is to connect to the local copy installed on the victim's system and search for sensitive information. This is not surprising, as a set of spy components is advertised to be part of the Trojan, such as a keylogger, a password dumper, a hidden startup routine, the ability to hide its process, the ability to download and execute other files, and a remote desktop feature.

"With RAT applications like Ozone, one does not need to be an expert to create and distribute malware. Anyone can buy Ozone from their websites, or simply download 'modified' versions, like what we used in our tests for this article," Fortinet researchers conclude.

Milena Dimitrova