UK and UAE targeted by spam campaign designed to distribute Java remote, experts warn access Trojan (RAT) which they named JRAT.
Security researchers Symantec αναφέρουν ότι η εκστρατεία ξεκίνησε στις 13 Φεβρουαρίου. Οι εγκληματίες του κυβερνοχώρου στέλνουν ψεύτικα e-mail containing “payment certificates” in the hope that their targets will open the attachments. The messages state:
"Good evening, attached is the certificate payment along with this email, please confirm receipt.”
The .Jar file that comes with the message (Paymentcert.jar) is not a certificate, but a malware detected as Trojan.Maljava. When executed, he drops JRAT into the victim's system. Symantec recognizes it as Backdoor.Jeetrat.
Because it comes in Java, RAT is cross-platform, which means it can infect Windows, OS X and Linux operating systems. Most cases of this JRAT were detected between February 14 and 19.
In addition to the United Kingdom and the United Arab Emirates, he also appeared in Germany, the US, Canada, India, China, Italy and France.
"This campaign seems to be aimed at specific people. "Some aspects of the attack seem to confirm the targeted nature of the campaign, such as the low number of victims, a single sender, a server management and control center (C&C) and the fact that the majority of these spam messages were sent to personal e-mail addresses." Symantec security specialist Lionel Payet.