Cybersecurity specialists report the detection of a new phishing campaign dedicated to the delivery of the AsyncRAT Trojan hidden in an HTML attachment. This malware allows threat actors to monitor affected systems and even control them remotely through an encrypted and undetectable connection for victims.
The infection starts with a simple email containing an HTML attachment disguised as an order confirmation receipt, so target users don’t usually distrust the message. When opening the file, the user will be redirected to a web page where they will be asked to save an ISO file.
This process leads to the execution of an in-memory .NET module that subsequently acts as a three-file dropper; the first acts as a trigger for the second file, which will eventually deliver AsyncRAT as the final payload and check if there is an antivirus solution on the affected system to establish some exemptions.
Dereviashkin adds that malware samples like AsyncRAT are typically used to establish a remote link between a threat actor and a target device, allowing hackers to steal information and surveil victims using their devices’ cameras and microphones, essentially making it a spying tool.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.