- Phishing emails are spreading a trojanized version of ScreenConnect, tricking victims into installing remote access malware
- Once installed, the attackers deploy AsyncRAT, a fileless Trojan that logs keystrokes, steals credentials and more
- The stealthy and open source nature of AsyncRAT makes it a favorite among various threat actors
Criminals are using a trojanized version of a legitimate and popular remote access tool to drop remote access Trojans (RATs) on target devices, researchers warn.
Earlier this week, LevelBlue security researchers described phishing emails in which a tainted variant of ConnectWise ScreenConnect was being shared, disguised as financial and other business documents.
ConnectWise ScreenConnect is remote access and remote support software that allows IT teams, help desks and managed service providers (MSPs) to do things such as remote support, remote meetings or unattended access.
Fileless malware
It also supports cross-platform desktop, mobile and browser connections. However, it is one of the most abused programs, often seen in impersonation and identity theft attacks.
Victims who fall for the phishing email and install ScreenConnect end up granting criminals access to their devices, which the criminals then use to deploy a fileless malware called AsyncRAT.
This remote access Trojan, in addition to the obvious, also allows threat actors to log keystrokes, steal browser credentials, fingerprint the system and look for cryptocurrency wallets and other wallet data, especially browser extensions.
“Fileless malware continues to pose a significant challenge for modern cybersecurity defenses due to its stealthy nature and dependence on the legitimate tools of the system for execution,” LevelBlue said. “Unlike traditional malware that writes payloads to disk, fileless threats work in memory, which makes them more difficult to detect, analyze and eradicate.”
AsyncRAT is an open source Trojan first released in January 2019. Its accessibility has made it popular among a wide range of threat actors, from rookie cybercriminals to more organized groups.
In general, it is distributed through phishing emails or malicious attachments and has appeared in multi-stage infection chains, including campaigns aimed at healthcare organizations.
While the malware itself is not linked to a specific group, several emerging cybercriminals and threat actors have adopted it widely for remote exploitation.
Via The Hacker News