Multi-platform Java RAT targeting government agencies
Posted on 08.07.2013
A new spear-phishing campaign targeting government agencies mostly in the US, Canada, Australia, a few European countries and the Russian Federation has been spotted by Symantec researchers.

The attackers have decided to take advantage of the most recent and controversial political topic - the PRISM data harvesting program - to deliver emails that supposedly contain documents on the subject.


The PDFs are innocuous, but the .jar file is not. It is a Java RAT called jRat, and it gives the attackers full and complete access to and control over the victim's computer.

In theory, it doesn't matter which OS the computer runs - all it takes is a Java installation and it will get compromised.

"The RAT can target not only Windows, but also Linux, Mac OS X, FreeBSD, OpenBSD, and Solaris (although we have not verified or observed the threat working on all of these operating systems)," the researchers pointed out, adding that "the threat has a builder tool that allows you to build your own customized versions of the RAT."

By comparing the C&C server used in this current campaign to the list of those used in previous ones, they also concluded that the same attackers have previously opted for more complex attacks.

"The attack has been simplified as it does not involve the use of an exploit, nor an executable shellcode/payload, but simply relies on a Java applet," they revealed.

"Nonetheless, it is no less dangerous than the older attacks and it can spread more easily since exploits are usually limited to work on specific versions of the vulnerable software and operating system, while this RAT can spread on any system where Java runtime is installed. In fact, not only has the attack been simplified, but it has also become more stable and more virulent, it is a big upgrade!"








