• Javascript files loaded with RATs hits thousands of victims

    From TechnologyDaily@1337:1/100 to All on Tue Dec 3 16:00:05 2024
    Javascript files loaded with RATs hits thousands of victims

    Date:
    Tue, 03 Dec 2024 15:27:00 +0000

    Description:
    Hackers are targeting Russians with infostealers deployed via weaponized JavaScript.

    FULL STORY
    ======================================================================
    Kaspersky uncovers new campaign, using malicious JavaScript to deploy RATs
    The RATs are used to deploy two infostealers
    Among the victims are people and businesses in Russia

    Hackers are targeting people and businesses in Russia with malicious JavaScript, in order to install backdoors on their devices.

    Researchers at Kaspersky, who named the campaign Horns&Hooves, noted that it started in March 2023 and has since infected roughly 1,000 endpoints.

    The campaign starts with a phishing email, in which the attackers impersonate individuals and businesses, and send emails that mimic requests and bids from potential customers, or partners.

    Actively developed campaign

    The emails come with various attachments, among which is the JavaScript payload. This payload delivers two Remote Access Trojans (RAT): NetSupport RAT and BurnsRAT. In turn, these RATs are used to deploy the final payload: either Rhadamanthys, or Meduza.

    These two are known infostealers. Since late 2022, Rhadamanthys has been offered on the dark web as a service, enabling crooks to steal a vast range of information from the target device, from system details and passwords to browsing data. Rhadamanthys has specialized tools for stealing cryptocurrency credentials, with support for over 30 different wallets.

    Meduza, on the other hand, is part of the growing threat landscape for personal and business cybersecurity. Like Rhadamanthys, it steals user credentials and other sensitive information, including login credentials for various services and applications. However, Meduza operates with a more focused scope, aiming to evade detection through various obfuscation and anti-analysis techniques.

    Horns&Hooves is an actively developed campaign, the researchers say, stressing that the code was revamped and upgraded numerous times. While attribution proved difficult, there is reason to believe that TA569 is behind the attacks. This group, according to The Hacker News, is also called Mustard Tempest or Gold Prelude, and is the one running the SocGholish malware.

    The same publication also stated that TA569 was seen acting as an initial access broker for affiliates deploying the WastedLocker ransomware strain.

    Via The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/javascript-files-loaded-with-rats-hits-thousands-of-victims


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)