Xtreme RAT Cyber Espionage Targets Government Institutions in Various Countries
According to an analysis by researchers at the antivirus vendor Trend Micro, the group behind the Xtreme RAT (Remote Access Trojan) infections that disrupted Israeli police computers has also compromised computers at other government institutions in the US, the UK, and other countries.
The attackers sent a carefully crafted e-mail with a .RAR attachment to various addresses within the targeted government agencies. The archive contained an executable disguised as a Word document; when run, it installed the Xtreme RAT malware and then opened a decoy document with a news report about a Palestinian missile attack, so that the victim saw what the attachment had promised.
The attack came to light at the end of October 2012, when the Israeli police took its computer network offline in order to clean the malware from its systems. As with most remote access Trojans (RATs), Xtreme RAT gives attackers control over the infected machine, including the ability to upload documents and other files from it to their servers.
Trend Micro also reported that the most recent versions of Xtreme RAT add Windows 8 compatibility and Firefox and Chrome password grabbing, and were later extended with audio and desktop capture features.
Snorre Fagerland, a Senior Virus Researcher at the Norway-based antivirus vendor Norman, commented on the same attack that he had examined a sample of the Trojan used to deploy the malware and that a telltale trait stood out: the sample was signed with a digital certificate spoofed to look as if Microsoft had signed it, as reported by krebsonsecurity.com in the second week of November 2012.
The forged certificate fails validation by Windows, or by anyone who verifies it against the trusted root certificates shipped with Windows PCs, so it does nothing to make the malware look legitimate to the operating system. It did, however, prove to be a convenient marker for Fagerland, who searched malware databases for other samples signed with the same forged certificate. So far he has mapped a growing network of malware and control servers that have been used in dozens of targeted e-mail attacks.
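The following PowerShell script is an added example and is not code from the article or from any of the researchers it quotes. It shows the check described above in practice: walk a directory of suspect binaries, ask Windows to validate each Authenticode signature, and flag files whose signer certificate claims to be Microsoft while the chain does not validate to a trusted root. The scan path `C:\Quarantine` and the `SpoofedMS` field name are assumptions for illustration; the thumbprint of the signer certificate is what you would pivot on to find other samples signed with the same forged certificate.

```powershell
# Added example (not from the article): flag binaries whose Authenticode
# signature names a Microsoft signer but does not validate to a trusted root.
# $ScanRoot is an assumed path; point it at a quarantine or sample directory.
param(
    [string]$ScanRoot = 'C:\Quarantine'   # assumption: where suspect files are staged
)

$results = Get-ChildItem -Path $ScanRoot -Recurse -File -Include *.exe, *.dll, *.scr |
    ForEach-Object {
        # Get-AuthenticodeSignature performs the same chain validation Windows
        # does: Status is 'Valid' only if the chain ends at a trusted root.
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate      # $null when the file is unsigned

        [pscustomobject]@{
            Path       = $_.FullName
            Status     = $sig.Status        # Valid, NotSigned, NotTrusted, HashMismatch, ...
            Subject    = if ($cert) { $cert.Subject } else { '' }
            Issuer     = if ($cert) { $cert.Issuer } else { '' }
            Thumbprint = if ($cert) { $cert.Thumbprint } else { '' }
            # The subject says "Microsoft" but Windows does not trust the chain:
            # the trait that served as the hunting marker in the article.
            SpoofedMS  = ($null -ne $cert) -and
                         ($cert.Subject -match 'Microsoft') -and
                         ($sig.Status -ne 'Valid')
        }
    }

# Print the suspicious files; the Thumbprint column is the value to search
# other samples, sandbox reports and your own endpoints for.
$results | Where-Object SpoofedMS |
    Format-Table Path, Status, Subject, Thumbprint -AutoSize
```

A hit is a pivot, not a verdict: a genuinely Microsoft-signed file on a machine with a stale or damaged root store can also come back `NotTrusted`. Compare the `Issuer` and thumbprint of a flagged certificate against the real Microsoft chain before treating the file as malicious, and carry the thumbprint, not the subject string, into further hunting, since the subject is exactly the field the attacker chose to forge.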
The Israeli police are also reported to have banned employees from using outside media (USB sticks, portable disks, etc.) on the department's systems, and employees will presumably receive awareness training as well.
» SPAMfighter News - 28-11-2012