Venom RAT deployed in sweeping phishing operation

Industrial, manufacturing, financial, trading, travel, and government organizations in the U.S., Mexico, Colombia, Brazil, Argentina, Dominican Republic, Spain, and Portugal have been targeted with new attacks by the TA588 cybercrime operation distributing the Venom RAT malware, The Hacker News reports.

TA588, which was previously known for targeting Latin America with the Revenge RAT, Vjw0rm, and Loda RAT payloads, delivered phishing emails to facilitate compromise with Venom RAT, which would then enable data exfiltration and remote system control, according to Perception Point researcher Idan Tarab.

Such a development comes amid the continuous evolution of phishing schemes, with the ScamClub malvertising operation noted by GeoEdge to have exploited Video Ad Serving Template tags to facilitate cyber fraud, with the group mostly impacting individuals in the U.S., Canada, and the UK.

Moreover, the dismantling of the QakBot trojan has prompted increased usage of the DarkGate malware loader for illicit cyber activity against corporate networks.