Trusteer Spots TorRAT Info-stealer in Fresh Version

Trusteer the security company has just uncovered TorRAT in an unusual version, the malware that cyber thieves formerly frequently employed for filching the banking credentials of online customers.

Security investigators from the company warn that a TorRAT-powered spam campaign is presently aiming attack on Internauts of The Netherlands.

Reportedly, if this malware infects a PC, it executes a MitB (man-in-the-browser) assault. The malicious program maligns the Twitter account of the target user by inserting JavaScript inside it so TorRAT can collect authentication tokens. The attackers subsequently use these tokens for acquiring illegitimate admission onto the victims' A/Cs followed with exploiting them for creating fake tweets feigned as being from the actual account-owner.

Trusteer notes that there are harmful web-links embedded on the described tweets, which have Dutch-language text.

Its investigators discovered that the texts appeared via several tweets suggesting the attack's efficacy in trapping victims.

Elaborating on the attack, Director of Product Marketing Dana Tamir of Trusteer stated that it was especially hard for safeguarding against as its approach was through one advanced spear-phishing operation. Web-surfers, utilizing Twitter, responded to accounts and their tweets from known senders. Since the TorRAT posted malevolent Twitter messages as well as dispatched them via a trustworthy member's account that had been compromised, the tweets appeared as real. It wasn't also worrying to have shortened URLs within the tweets. For, a Twitter message must have only limited count of characters; therefore it was normal to have brief text messages being accompanied with a condensed URL. But, an ill-intended person could camouflage his URL address with the condensed URL, so recipients had no way about perceiving whether the web-link was dubious, Tamir indicated. Trusteer.com published this dated April 22, 2013.

Meanwhile, Vice-President of Marketing Yishay Yoven of Trusteer stated that his organization informed Twitter about the malicious program, published mashable.com dated April 22, 2013.

Significantly, according to him, he wasn't sure if Twitter verified the authenticity of each web-link within tweets; however, suppose that was done, it would still be extremely hard for Twitter to do the remediation unless an intermediate entity made it wary of the web-links' maliciousness.

Related article: Trusted Websites Turn Green, Thanks To IE7

» SPAMfighter News - 4/26/2013