A new remote administration tool (RAT) that weaponizes Microsoft Office and Adobe PDF documents to deliver malicious code has been spotted on dark web forums and Telegram channels.
The malware was identified by security researchers at Resecurity over the weekend and dubbed Escanor in an advisory published on Sunday, August 21, 2022.
“The threat actors offer Android-based and PC-based versions of the RAT, along with a hidden virtual network computing (HVNC) module and an exploit builder to weaponize Microsoft Office and Adobe PDF documents to deliver malicious code,” reads the document.
According to the Resecurity team, the RAT was first offered for sale on January 26, 2022. Initially built as an HVNC implant, the malware merely allowed attackers to set up a silent remote connection to the victim’s computer. The tool later evolved into a full-scale commercial RAT with a rich feature set.
“Escanor has built a credible reputation on the dark web, and attracted over 28,000 subscribers on the Telegram channel,” Resecurity wrote.
“In the past, the actor with the exact same moniker released ‘cracked’ versions of other dark web tools, including Venom RAT and Pandora HVNC, which were likely used to enrich the functionality of Escanor.”
As for the mobile version of Escanor (dubbed ‘Esca RAT’), the malware is reportedly being actively used by cyber-criminals to attack online-banking customers by intercepting one-time password (OTP) codes.
“The tool can be used to acquire GPS coordinates of the target, monitor keystrokes, activate hidden cameras and browse files on the remote mobile device to steal data,” reads the advisory.
Further, Resecurity warned that the domain name used by Escanor had previously been identified in connection with Arid Viper, a group active in the Middle Eastern region in 2015 and known to primarily target Israeli military assets.
As for Escanor, the majority of its victims were identified in the U.S., Canada, UAE, Saudi Arabia, Kuwait, Bahrain, Egypt, Israel, Mexico and Singapore, with some infections spotted in South-East Asia.
Some parts of this report are sourced from:
www.infosecurity-journal.com