Fortinet’s FortiGuard Labs threat intelligence have been tracking phishing emails that contain a triple threat of remote access trojans – RATS. The package is contained in an infected Microsoft Excel document and once the recipient of the email makes the mistake of opening the file – because the file name was designed to defeat their level of cyber security awareness – malicious code is run to steal their data. However these data stealing malware can also give remote control access of the PC to threat actors and from there they could going anywhere you are connected to.
The RATs are:
- AveMariaRAT (also known as Warzone RAT) – which can steal data and operate PC cameras remotely and has a keylogger to steal passwords
- Pandora hVCN RAT – this can steal credentials from applications such as Chrome (remember all those passwords and user names you have saved in Chrome), it can also control the keyboard and mouse
- BitRAT – now this one is incredibly flexible in the attacks and thefts it can carry out, and it only costs the threat actors $20 for a lifetime license to access and use this high quality malware – it includes updates! A bargain – unless it infects you.
Of course for the RATs to launch, the victim has to ignore the macro warnings displayed by Excel as it opens… but of course that does happen…
Clive Catton MSc (Cyber Security) – by-line and other articles


