As technology advances, so do threats. Viruses become more sophisticated and malware becomes increasingly difficult to detect; over time it will grow subtle enough to infect even those who think they are ready.
Now Microsoft itself has issued an alert about a remote access tool (RAT) called RevengeRAT (also called AsyncRAT), a threat that has been targeting the aerospace and travel sectors.
The malware arrives in very well-crafted emails, with no Nigerian princes in sight. Employees open what they believe is a legitimate PDF file, when in fact they are opening a malicious Visual Basic file that installs RevengeRAT or AsyncRAT; according to the security firm Morphisec, it also delivers the Agent Tesla RAT.
RATs steal passwords, videos and images from a webcam and anything that has been copied to the system clipboard. Stolen data is sent through SMTP port 587.
Microsoft has posted advanced hunting queries on GitHub that security teams can use if they detect these threats on their network.
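The exfiltration channel described above (SMTP on port 587) can be hunted for in endpoint connection logs. The following is an added example, not one of Microsoft's published queries: it flags port-587 connections made by processes that are not approved mail clients. The log format, host names, process names and the allowlist are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of endpoint network-connection telemetry (not real data).
# The column layout and the name invoice_viewer.exe are hypothetical.
SAMPLE_LOG = """\
timestamp,host,process,remote_ip,remote_port
2021-05-12T09:01:10Z,WS-101,outlook.exe,203.0.113.10,587
2021-05-12T09:03:44Z,WS-101,chrome.exe,198.51.100.7,443
2021-05-12T09:05:02Z,WS-204,wscript.exe,198.51.100.25,587
2021-05-12T09:05:40Z,WS-204,invoice_viewer.exe,198.51.100.25,587
2021-05-12T09:20:40Z,WS-204,invoice_viewer.exe,198.51.100.25,587
2021-05-12T09:07:15Z,WS-330,thunderbird.exe,203.0.113.10,587
"""

# Assumption: the programs this organisation expects to submit mail on port 587.
APPROVED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_SUBMISSION_PORT = 587


def find_unexpected_smtp(log_text, approved=APPROVED_MAIL_CLIENTS):
    """Return {(host, process): [remote_ip, ...]} for port-587 connections
    made by processes outside the approved mail-client list."""
    approved = {name.lower() for name in approved}
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            port = int(row["remote_port"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed rows instead of aborting the hunt
        process = (row.get("process") or "").strip().lower()
        if port == SMTP_SUBMISSION_PORT and process not in approved:
            findings[(row["host"], process)].append(row["remote_ip"])
    return dict(findings)


if __name__ == "__main__":
    for (host, process), ips in sorted(find_unexpected_smtp(SAMPLE_LOG).items()):
        print(f"{host}: {process} opened {len(ips)} connection(s) to port 587 "
              f"-> {sorted(set(ips))}")
```

A script host or an unfamiliar binary submitting mail from a workstation is the signal to triage; the allowlist has to reflect the mail clients actually deployed in the environment.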
Threats of this type aimed at these sectors were first observed this year, 2021. From the same family, QuasarRAT was used in 2018 to steal credentials from the Ukrainian government.
People in companies are very used to receiving external emails with PDF attachments, so these messages increasingly get past the first filter, leaving the job to antivirus products capable of identifying these threats in time. The dangers to companies do not come only in the form of ransomware.