Many cybersecurity researchers have come to the attention that many cybercriminals are now taking the help of JavaScript downloaders to spread eight different types of Remote Access Trojan (RAT) malware to obtain control of your Windows systems and steal various sensitive data.
The cybersecurity researchers at HP Wolf Security have called this termed this trojan “RATDispenser.”
This stealthy malware delivers a 'silent threat' that wants to steal your passwords https://t.co/7caEHxlEbO
— The Cyber Security Hub™ (@TheCyberSecHub) November 26, 2021
The hackers use a phishing email as an access point that contains text files regarding a product order. Once the user checks this file, it will initiate an automatic process that installs RATDispenser malware. The hackers have added a long set of codes to the initial JavaScript to hide it from being detected.
Once it is installed, RATDispenser spreads several different types of trojans, malware, keyloggers, and other malicious content to try to steal your sensitive information.
STRRAT and WSHRAT have been discovered in four out of five samples, making them the most distributed malware. Other types of malware spread through RATDispenser include Ratty, GuLoader, Panda Stealer, Formbook, and Adwind.
While Panda Stealer was discovered this year, WSHRAT has been operating for many years. Also, when this research was conducted and published, RATDispenser was detected in one out of 10 antivirus software.
Patrick Schlapfer, who works as a malware analyst at HP Wolf Security, had to say this about the discovered trojan:
It’s particularly concerning to see RATDispenser only being detected by about 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims’ endpoints in most cases. RATs and keyloggers pose a silent threat, helping attackers to gain backdoor access to infected computers and steal credentials from business accounts or even cryptocurrency wallets. From here, cybercriminals can siphon off sensitive data, escalate their access, and in some cases sell this access on to ransomware groups.
As a precaution against the attacks by RATDispenser, researchers have recommended that network administrators look over the type of email attachment their email gateway is allowing that is completely unnecessary.
Steps To Protect Yourself From Phishing
Here are a few steps you can follow to protect yourself from various phishing attempts:
- If you receive a suspicious email or an email attachment, then do not open or click on any such link.
- Develop a habit of using anti-phishing toolbars for additional protection.
- Make sure to check your old and unused accounts regularly.
- Keep your browsers updated with vital security patches.
- Use Antivirus software with VPN technology to block attacks from malicious sources and allow you to circumvent various geo-restrictions.
