- Phishing emails are spreading a trojanized version of ScreenConnect that tricks victims into installing malware for remote access
- Once installed, attackers deploy AsyncRAT, a fileless Trojan that logs keystrokes, steals credentials and more
- AsyncRAT's stealth and open source nature make it a favorite among different threat actors
Criminals are using a trojanized version of a popular, legitimate remote access tool to drop remote access trojans (RATs) on target devices, researchers are warning.
Earlier this week, security researchers from LevelBlue said they saw phishing emails sharing a trojanized variant of ConnectWise ScreenConnect, masquerading as financial and other business documents.
ConnectWise ScreenConnect is remote access and remote support software that lets IT teams, help desks, and managed service providers (MSPs) carry out remote support, remote meetings, or unattended access.
Fileless malware
It is also cross-platform, supporting desktop, mobile, and browser-based connections. However, it is one of the more frequently abused programs and is often seen in impersonation and identity theft attacks.
Victims who fall for the phishing email and install ScreenConnect end up giving the criminals unrestricted access to their devices, which the attackers then use to stealthily deploy a fileless malware called AsyncRAT.
This remote access Trojan, beyond remote control itself, also allows threat actors to log keystrokes, steal browser credentials, fingerprint the system, and look for cryptocurrency wallets and other wallet data, especially browser extensions.
“Fileless malware continues to present a significant challenge for modern cybersecurity defense due to its stealthy nature and dependence on legitimate system tools for execution,” LevelBlue said. “Unlike traditional malware that writes payloads to disk, fileless threats operate in memory, making them harder to detect, analyze and eradicate.”
AsyncRAT is an open source Trojan, first released in January 2019. Its availability has made it popular among a large number of threat actors, from novice cybercriminals to more organized groups.
It is usually distributed through phishing emails or malicious attachments and has appeared in multiple stages of infection chains, including campaigns aimed at healthcare organizations.
While the malware itself is not tied to a particular group, various cybercriminals and emerging threat actors have widely adopted it for remote exploitation.
Via The Hacker News