Open-source phishing toolkit Gophish has been exploited to distribute the DarkCrystal RAT, or DCRat, and newly emergent PowerRAT trojans as part of a phishing campaign against Russian-speaking users, The Hacker News reports. Malicious emails with phishing links have been leveraged to launch either remote access trojan. While DCRat has been deployed through a remote HTML file, PowerRAT has been spread through a malicious Microsoft Word file that executes a rogue Visual Basic macro, according to a Cisco Talos study. "[PowerRAT] has the functionality of executing other PowerShell scripts or commands as directed by the [command-and-control] server, enabling the attack vector for further infections on the victim machine," said Cisco Talos researchers. Such findings follow a Netskope Threat Labs report detailing the distribution of DCRat through TrueConf and VK Messenger-impersonating HTML pages, as well as a Cofense report describing Remcos RAT or XWorm payload delivery through malicious content concealed in virtual hard disk files.
Malware, Phishing, Threat Intelligence
Novel PowerRAT, DCRat deployed via Gophish toolkit
