Hackers are targeting people and businesses in Russia with malicious JavaScript that installs backdoors on their devices.
Actively developed campaign
The emails come with various attachments, among which is the JavaScript payload.
This payload delivers two Remote Access Trojans (RATs): NetSupport RAT and BurnsRAT.
In turn, these RATs are used to deploy the final payload: either Rhadamanthys or Meduza.
These two are known infostealers.
Rhadamanthys has specialized tools for stealing cryptocurrency credentials, with support for over 30 different wallets.
Meduza, on the other hand, is part of the growing threat landscape for personal and business cybersecurity.
While attribution proved difficult, there is reason to believe that TA569 is behind the attacks.
Via The Hacker News