New RevengeRAT Malware steals passwords, browser data

Security news site Threatpost reports that Microsoft has issued an alert warning of a remote access trojan (RAT) that targets the aviation and travel industry. The new RevengeRAT malware campaign can harvest screenshots, keystrokes, webcam feeds, credentials, and browser data.

Microsoft published information on GitHub that security teams can use if they detect these threats on their network. The latest Microsoft Security Intelligence details how phishing emails are used to deliver RevengeRAT.

Snip3 Crypter 

Morphisec, the software security company, dubbed the crypter service “Snip3.” The name comes from a username found in the malware across earlier variants.

Snip3 is a highly sophisticated Crypter-as-a-Service that delivers numerous RAT families onto a variety of target machines.

The malware, or “payload,” is most commonly delivered through disguised phishing emails. If the target clicks on an image in the email, Snip3 delivers its payload via some form of malicious VBScript. Snip3 in turn delivers strains of the RAT payloads (RevengeRAT or AsyncRAT).

Using phishing emails to deliver RevengeRAT

Phishing emails usually contain a link to an image disguised as a PDF file. The emails usually evade security filters since the embedded link is generated with a legitimate web service.