UK and UAE targeted by spam campaign designed to distribute Java remote, experts warn access Trojan (RAT) which they called JRAT.
Security researchers Symantec they report that the campaign started on February 13. Cybercriminals send fake e-mails containing "payment certificates" in the hope that their targets will open the attachments. The messages they mention:
"Good evening, the payment certificate is attached with this email, please confirm that it has been received."
The .Jar file that comes with the message (Paymentcert.jar) is not a certificate, but one malware which is detected as Trojan.Maljava. When executed, it drops JRAT on the victim's system. Symantec recognizes it as Backdoor.Jeetrat.
Because it comes to application Java, the RAT is cross-platform, meaning it can infect devices running Windows, OS X, and Linux operating systems. Most cases of this JRAT were detected between 14 and 19 February.
In addition to the United Kingdom and the United Arab Emirates, he also appeared in Germany, the US, Canada, India, China, Italy and France.
“Η εκστρατεία αυτή φαίνεται να απευθύνεται σε συγκεκριμένα άτομα. Ορισμένες πτυχές της επίθεσης φαίνεται να επιβεβαιώνουν το στοχοθετημένο χαρακτήρα της εκστρατείας, όπως ο χαμηλός αριθμός θυμάτων, ένας μοναδικός αποστολέας, ένας server κέντρο διοίκησης και ελέγχου (C&C) και το γεγονός ότι η πλειοψηφία αυτών μηνυμάτων spam απεστάλησαν σε προσωπικές διευθύνσεις ηλεκτρονικού ταχυδρομείου,” αναφέρει ο ειδικός ασφαλείας της Symantec Lionel Payet.