Security researchers have observed a new malware payload deployed in attacks against the healthcare and pharmaceutical sectors. Dubbed ResolverRAT, the remote access Trojan features in-memory execution and sophisticated anti-analysis and payload encryption techniques.
ResolverRAT has been distributed through phishing emails with malicious attachments that use fear-based lures mentioning copyright infringement, various legal violations, and ongoing investigations. The emails are localized in multiple languages, including English, Hindi, Italian, Indonesian, Turkish, Portuguese, and Czech, indicating the global scale of the campaign.
“While recent reports by Check Point and Cisco Talos have attributed similar phishing infrastructure and delivery mechanisms to campaigns distributing Rhadamanthys and Lumma respectively, the RAT observed in Morphisec Threat Labs’ incident investigations appears to be previously undocumented,” Morphisec researchers wrote in their report released Monday. “Despite clear overlaps in payload delivery, email lure themes, and even binary reuse, this variant introduces a distinct loader and payload architecture that warranted classification as a new malware family.”