A newly discovered and complex remote access trojan (RAT) is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found.

Dubbed Nerbian RAT, the novel malware variant is written in the OS-agnostic Go programming language and “utilizes significant anti-analysis and anti-reversing capabilities”, according to a Proofpoint blog post published Wednesday.

Proofpoint researchers first observed the RAT being distributed in a low-volume email campaign beginning on April 26 in messages sent to multiple industries, mainly impacting organizations in Italy, Spain and the United Kingdom, they said.

“The emails claimed to be representing the World Health Organization (WHO) with important information regarding COVID-19,” researchers wrote, noting that the messages are a throwback to similar phishing campaigns that circulated in 2020 in the early days of the pandemic.

Sample emails shared in the post are sent from email addresses attempting to appear as if they are coming from the WHO, such as who.inter.svc@gmail[.]com and announce@who-international[.]com, and use “WHO” or “World Health Organization” as their subject line.

The messages include safety measures related to COVID-19 as well as attachments that also include “covid19” in their names but are actually Word documents containing malicious macros. When macros are enabled, the document reveals information relating to COVID-19 safety,…
Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks (govanguard, 2022-05-12 06:45)