Latest RAT Widely Available in Underground Market - Symantec

Security firm Symantec has discovered a new and upcoming RAT (Remote Access Tool) which is freely available at black market and cybercriminals are eagerly chasing it to carry out their horrible cyber campaigns with its help.

The latest RAT known as NanoCore, which is identified as Trojan.Nancrat by Norton, was available before in Underground market at price of 25 USD but a report reveals that a cracked edition of NanoCore RAT is currently available freely.

Symantec highlighted on "humans' tendency to incline towards FREE things". Hackers or crackers, whatever we call them or precisely speaking bad actors who are involved in cybercrimes, the cybercriminals are also human beings and therefore this fact is also applicable to them.

Earlier this month, when NanoCore's (1.2.2.0) complete version was leaked, it showed an increased usage.

The malware is found to be madly exported in the area of cyberspace touching innocent users with the help of simple trick through emails to lure users in downloading Trojan file and compromising privacy and security.

Softpedia.com published a report on 24th March, 2015 quoting a blog of Lionel Payet, Security Researcher of Symantec, as "The attacks started on 6th March, 2015 with attacks on energy corporations in the Middle East and Asia."

As per the analysis, cybercriminals mimic the address of a genuine oil group in South Korea to enhance the credibility of the phony message.

A tainted RTF or a Word file delivers Trojan which abuses an old flaw (CVE-2012-0158) in Microsoft Windows Controls ActiveX component MSCOMCTL.OCX which is there in several older products from the company and there is SQL Server 2005/2008 and Office 2003 among them during 2010.

The text document signifies to inform the recipient about revisions of the present contract between two parties. The subject of the notification and the content provoke to open the document ensuing compromising the system.

Users such as enterprises and individuals are advised not to open any attachments or click any links enclosed in unwelcomed emails. If you have to, then check whether the link is detected as potentially malevolent and whether the attached file contains malware by using resources online and updated AV and other security solutions.

» SPAMfighter News - 4/3/2015