Organizations across Russia have been subjected to four times more phishing intrusions with the PureRAT information-stealing malware during the first four months of 2025, compared with the same period last year, reports The Hacker News.
The attacks, part of a campaign by a still-unknown actor that started more than two years ago, began with phishing emails carrying a RAR attachment or a link to an archive spoofing a Microsoft Word or PDF file, which included an executable leading to the eventual deployment of the PureRAT infostealer, according to a Kaspersky analysis. After connecting to a command-and-control server via SSL, PureRAT receives modules that enable the monitoring of active windows for certain keywords and the execution of unauthorized fund transfers, the execution of clipper malware, the downloading of arbitrary files allowing total system access and keylogging, and the running of self-deletion and computer rebooting commands, said researchers, who also noted the infostealer's ability to pilfer data from browsers, VPN services, messaging apps, and password managers, among others.