Malware Meal Kits Serve Up No-Fuss RAT Attacks

Published: 23/11/2024   Category: security




The wider availability of turnkey cyberattack kits in the criminal underground is leading to a glut of campaigns using remote access Trojans (RATs).



A rise in the availability of malware meal kits for less than $100 is fueling a surge in campaigns using remote access Trojans (RATs), which are often embedded in seemingly legitimate Excel and PowerPoint files attached to emails.
That's according to HP Wolf Security, which published its Q3 2023 Threat Insights Report today, observing a significant spike in Excel files with DLLs infected with the Parallax RAT. The files appear to recipients as legitimate invoices, which, when clicked, launch the malware, according to HP senior malware analyst Alex Holland. Parallax RAT malware kits are available for $65 a month on hacking forums, he adds.
Cybercriminals have also targeted aspiring attackers with malware kits such as XWorm, hosted in seemingly legitimate repositories such as GitHub, according to HP's report. Others, such as those featuring the new DiscordRAT 2.0, have also recently emerged, according to researchers.
Holland emphasized that 80% of the threats that HP saw in its telemetry during the quarter were email-based. And in an interesting wrinkle, some cybercriminals appear to be going after their own, with savvy attackers targeting inexperienced ones in some RAT campaigns.
According to the HP report, Parallax RAT jumped from the 46th most popular payload in the second quarter of 2023 to seventh in the following quarter. "That's a really big spike in attackers using this file format to deliver their malware," Holland says.
For instance, researchers spotted one Parallax RAT campaign running a Jekyll and Hyde attack: Two threads run when a user opens a scanned invoice template. One thread opens the file, while the other runs malware behind the scenes, making it harder for users to tell an attack is in progress, according to the report.
Parallax was previously associated with various malware campaigns during the outset of the pandemic, according to a March 2020 blog post by Arnold Osipov, a malware researcher at Morphisec. "It is capable of bypassing advanced detection solutions, stealing credentials, executing remote commands," Osipov wrote at the time.
Osipov tells Dark Reading now that he hasn't seen the specific rise in attacks using Parallax that HP is reporting, but that overall, RATs have become a growing threat in 2023.
Various upticks in RAT activity include one in July, when Check Point Research pointed to an increase in Microsoft Office files infected with a RAT known as Remcos, which first appeared in 2016. Many of these malicious files have appeared on fake websites created by the threat actors.
Another RAT-based campaign on the rise that HP underscored is Houdini, which conceals Vjw0rm JavaScript malware. Houdini is a 10-year-old VBScript-based RAT now easily attainable in hacking forums that exploit OS-based scripting features.
It's worth noting that the threats from Houdini and Parallax may be short-lived now that Microsoft plans to deprecate VBScript. Microsoft announced earlier this month that in future releases of Windows, VBScript will be available only on demand, and ultimately will no longer be available.
However, Holland says that while that's good news for defenders, attackers will move on to something else.
"What we expect in the future is that attackers will switch from VBScript malware, and possibly even JavaScript malware, to formats that will continue to be supported on Windows — things like PowerShell and Bash," he says. "And we also expect that attackers will focus more on using interesting or novel obfuscation techniques to bypass endpoint security using these coding languages."
