
Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

November 3, 2022

The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, the KeePass password manager, and PDF Reader Pro.

Targets of the operation include victims in Ukraine and select English-speaking countries such as the U.K.

“Given the geography of the targets and the current geopolitical situation, it's unlikely that the RomCom RAT threat actor is cybercrime-motivated,” the BlackBerry Threat Research and Intelligence Team said in a new analysis.


The latest findings come a week after the Canadian cybersecurity company disclosed a spear-phishing campaign aimed at Ukrainian entities to deploy a remote access trojan called RomCom RAT.

The unknown threat actor has also been observed leveraging trojanized variants of Advanced IP Scanner and pdfFiller as droppers to distribute the implant.

The latest iteration of the campaign entails setting up decoy lookalike websites with a similar domain name, followed by uploading a malware-laced installer bundle of the impersonated program, and then sending phishing emails to targeted victims.

[Figures: Fake KeePass website; Fake SolarWinds website]

“While downloading a free trial from the spoofed SolarWinds website, a legitimate registration form appears,” the researchers explained.

“If filled out, real SolarWinds sales staff might contact the victim to follow up on the product trial. That approach misleads the victim into believing that the recently downloaded and installed application is completely legitimate.”


It's not just SolarWinds software. Other impersonated versions include the popular password manager KeePass and PDF Reader Pro, including in the Ukrainian language.

The use of RomCom RAT has also been linked to threat actors associated with the Cuba ransomware and Industrial Spy, according to Palo Alto Networks Unit 42, which is tracking the ransomware group under the constellation-themed moniker Tropical Scorpius.

Given the interconnected nature of the cybercriminal ecosystem, it's not immediately clear whether the two sets of activities share any connections or whether the malware is available for sale as a service to other threat actors.

Some parts of this article are sourced from: thehackernews.com