A remote access trojan (RAT) that had not been documented until recently has been wreaking havoc in Europe, especially entities in countries such as Italy, Spain, and the United Kingdom. This Trojan uses covid-19-themed phishing techniques to trick users into gaining unauthorized access. Learn more about the Nerbian RAT with this article.
This is the new Nerbian RAT Trojan
This Trojan started an email-borne phishing campaign in April this year. The enterprise security firm Proofpoint was the one that called it Nerbian RAT: “The newly identified Nerbian RAT leverages multiple anti-analysis components spread across several stages, including multiple open-source libraries,” they specify in a report that was shared by The Hacker News.
They also stated, “It is written in operating system (OS) agnostic Go programming language, compiled for 64-bit systems, and leverages several encryption routines to further evade network analysis.” In the message of these emails, which seem to not even reach 100, it is said that they come from the World Health Organization to give them a little more credibility.
Attached to this message is a macro-laced Microsoft Word document with the latest health and covid-19. But macros not only display the message. Those that are embedded start a chain infection. The author of this Trojan is unknown so far.
Proofpoint has emphasized that this Trojan can be upgraded to do even more damage. Its dropper currently serves only to remove the Trojan with the information. “Malware authors continue to operate at the intersection of open-source capability and criminal opportunity,” Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, explained.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by Markus Spiske on Unsplash.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp