Cross-platform Frutas RAT delivered via targeted emails
Posted on 16.08.2013
Bookmark and Share
The cross-platform Frutas RAT is being used in a new email phishing campaign targeting high-profile finance, mining, and telecom companies as well as governments in Europe and Asia.

The malware gets delivered via emails spreading political news such as "Obama Releases Three Declassified Spying Docs", "U.S. Consul General Hart Arrives in Hong Kong", or "UK-Northern Ireland-Japan InfoSec Agreement":



Of the two attachments included (often using the same file name), the PDF one is a decoy, while the malware resides in the second one - a JAR file.

This variant of the Frutas RAT is set to harvest information such as Mac and IP address, user name, country the computer is located in, OS information (name, version, architecture), and the Java Runtime version, and send it to a remote server

According to Symantec researchers, the RAT is probably used just for reconnaissance, so that the attackers know what kind of exploits and malware they can use in later targeted attacks.

Given the targets of this email campaign, it's natural to assume that the attackers are motivated by things other than money, and are likely employed by a nation state. Still, it is interesting to note that even attackers such as these are not above using freely distributed malware if it gets the job done.









Spotlight

OpenBSD team forks OpenSSL to create safer SSL/TLS library

Posted on 22 April 2014.  |  Members of the OpenBSD project have begun working on a free version of the SSL/TLS protocol. They are not starting from scratch, but have forked OpenSSL to create a new, more secure option which they have dubbed LibreSSL.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Apr 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //