• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
romcom hackers circulating malicious copy of popular software to target

RomCom Hackers Circulating Malicious Copy of Popular Software to Target Ukrainian Military

You are here: Home / General Cyber Security News / RomCom Hackers Circulating Malicious Copy of Popular Software to Target Ukrainian Military
October 26, 2022

The threat actor at the rear of a distant entry trojan called RomCom RAT has been observed focusing on Ukrainian armed service establishments as part of a new spear-phishing campaign that commenced on Oct 21, 2022.

The growth marks a change in the attacker’s modus operandi, which has been formerly attributed to spoofing genuine applications like Innovative IP Scanner and pdfFiller to drop backdoors on compromised devices.

“The original ‘Advanced IP Scanner’ campaign occurred on July 23, 2022,” the BlackBerry exploration and intelligence staff stated. “When the sufferer installs a Trojanized bundle, it drops RomCom RAT to the system.”

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Though previous iterations of the campaign concerned the use of trojanized Innovative IP Scanner, the unidentified adversarial collective has given that switched to pdfFiller as of Oct 20, indicating an lively endeavor on aspect of the adversary to refine techniques and thwart detection.

These lookalike sites host a rogue installer package that success in the deployment of the RomCom RAT, which is able of harvesting facts and capturing screenshots, all of which is exported to a remote server.

Malicious Versions of Popular Apps

The adversary’s most recent exercise directed towards the Ukrainian armed forces is a departure in that it employs a phishing email with an embedded website link as an initial an infection vector, foremost to a fake internet site dropping the next stage downloader.

CyberSecurity

This downloader, signed using a legitimate electronic certificate from “Blythe Consulting sp. z o.o.” for an further layer of evasion, is then applied to extract and run the RomCom RAT malware. BlackBerry explained the very same signer is utilised by the legitimate edition of pdfFiller.

Other than the Ukrainian military services, other targets of the marketing campaign include IT businesses, food items brokers, and food stuff manufacturing entities in the U.S., Brazil, and the Philippines.

“This marketing campaign is a superior illustration of the blurred line concerning cybercrime-motivated danger actors and focused attack risk actors,” Dmitry Bestuzhev, danger researcher at BlackBerry, instructed The Hacker News.

“In the earlier, each groups acted independently, relying on various tooling. Today, qualified attack risk actors depend extra on common tooling, making attribution more challenging.”

Uncovered this article intriguing? Observe THN on Facebook, Twitter  and LinkedIn to browse extra unique articles we article.


Some elements of this posting are sourced from:
thehackernews.com

Previous Post: «see tickets admits it took nine months to remove malicious See Tickets admits it took nine months to remove malicious code from site
Next Post: London’s New Cyber Resilience Centre Set to Fight Cybercrime in the Capital Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
  • How to Interpret the 2023 MITRE ATT&CK Evaluation Results
  • Iranian Nation-State Actor OilRig Targets Israeli Organizations
  • High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
  • Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
  • Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
  • The Rise of the Malicious App
  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
  • Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

Copyright © TheCyberSecurity.News, All Rights Reserved.