
Symantec: New Spam Campaign with JRAT


Java Remote Access Trojan (RAT) campaigns are no longer uncommon. Their traffic has increased in recent years, and they still target businesses as well as individuals. The popularity of these campaigns is not surprising, since an attacker who infects a victim's computer with a RAT can gain full control of it. In addition, these threats are not limited to a single operating system; they can affect any computer running Java. Attackers have easy access to Java RATs because the source code is freely distributed on the Internet.

Symantec noticed a new spam campaign that distributes a Java RAT known as JRAT, which was launched on February 13 2014. The sender of the spam email claims to have attached a payment certificate to the message and asks the recipient to confirm that they have received it.

The email does in fact contain a malicious attachment with the file name Paymentcert.jar, which is detected as Trojan.Maljava. If the Trojan is executed, it runs JRAT, which is detected as .Jeetrat. The RAT affects not only Windows PCs, but also Linux, Mac OSX, FreeBSD, OpenBSD, and Solaris computers. This RAT is not new, as we have seen it in previous targets. The JRAT builder, as shown in the image below, shows how easy it is for an attacker to create their own custom RAT.

[Image: the JRAT builder]

Symantec's telemetry shows that the campaign has primarily affected the United Arab Emirates and the United Kingdom.


This campaign seems to target specific people. Several aspects of the attack point to its targeted nature: the small number of victims, a single sender, a single command and control (C&C) server, and the fact that the majority of these spam messages were sent to personal email addresses.


Symantec advises users to exercise caution when receiving unsolicited, unexpected, or suspicious emails. If you are not sure about the legitimacy of an email, do not open it, or if you do open it, do not do what it asks, such as clicking on links or opening attachments.


Written by giorgos
