Experts warn that the United Kingdom and the United Arab Emirates are targeting a spam campaign designed to distribute the Java remote access Trojan (RAT) that they named JRAT.
Security researchers Symantec they report that the campaign started on February 13. Cybercriminals send fake e-mails containing "payment certificates" in the hope that their targets will open the attachments. The messages they mention:
"Good evening, the payment certificate is attached with this email, please confirm that it has been received."
The .Jar file that comes with the message (Paymentcert.jar) is not a certificate, but one malware which is detected as Trojan.Maljava. When executed, it drops JRAT on the victim's system. Symantec recognizes it as Backdoor.Jeetrat.
Because it comes in a Java implementation, the RAT is cross-platform, meaning it can infect devices with Windows, OS X and Linux operating systems. Most cases of this JRAT were detected between 14 and 19 February.
In addition to the United Kingdom and the United Arab Emirates, he also appeared in Germany, the US, Canada, India, China, Italy and France.
"This campaign seems to be aimed at specific people. "Some aspects of the attack seem to confirm the targeted nature of the campaign, such as the low number of victims, a single sender, a server management and control center (C&C) and the fact that the majority of these spam messages were sent to personal e-mail addresses." Symantec security specialist Lionel Payet.