Through the years, cyber threats have evolved significantly and have caused damage across the industry. While the world is increasingly concerned about threats like ransomware amid all the cybersecurity trend talks, one more threat has made its way onto the list of major cybersecurity threats: the Remote Access Trojan (RAT).
According to reports, for the first time ever, RAT has been listed as one of the most wanted threats. A RAT is a trojan, a malicious program that, once it makes its way onto a computer, takes over the system and exfiltrates sensitive data.
The New Threat In The Town
When it comes to compromising a computer with a remote access trojan, the threat actor needs a way to land that trojan on the victim's computer. There are several ways to do that, and there are many ways to stop a trojan from getting in as well. However, as new defensive technologies continue to emerge year after year, hackers have shifted their focus and are going old-school again.
Humans are considered the weakest link when it comes to targeting any organisation. It's all about figuring out what would work to trick a human mind (usually called social engineering). This recent event shows a perfect combination of social engineering, phishing and a trojan.
An all-new phishing campaign has recently surfaced that uses fake resumes to land payloads on Windows computers. Employers who receive an email from someone posing as a job applicant might fall prey to a difficult-to-detect phishing attack that delivers a RAT called Quasar RAT, often used for espionage.
What is Quasar RAT
Quasar is a remote access tool/trojan that can take control of a Windows computer from a remote location and perform tasks like keylogging, stealing credentials, taking screenshots, recording video from webcams, downloading or exfiltrating files, and managing processes on infected machines.
There was a time when Quasar was gaining a lot of traction in day-to-day administrative work because of its feature set. However, since it is an open-source project publicly available on GitHub, it had adverse effects as well, and today its seriousness can be seen through all the hacks that use it.
Some facts about Quasar:
- This notorious RAT’s development started back in July 2014 and was initially known as xRAT.
- It is written in C#.
- It supports several versions of the Windows OS.
- The Quasar code is licensed under the MIT License, which lets users distribute it for free, modify it, use it privately, and commercialize it.
- Since its inception, the project has been forked and further developed over 900 times.
This Is How The Campaign Works
As for how threat actors land Quasar on a Windows computer: hackers not only send password-protected fake CVs but also employ counter-detection measures to camouflage the payload.
Here is the process:
- A fake resume that is password protected is sent to the target via a phishing email.
- Once the potential victim enters the password to open the attachment, it prompts the user to enable macros, which are delivered in base64-encoded form.
- Once the macros run successfully, they display a set of images that pose as the legitimate content. That is just to distract the user.
- The core of the attack happens in this step: while the images keep loading, the macro keeps appending garbage strings to the document while downloading and executing the Quasar RAT in the background.
- Once the RAT is executed, the threat actor gets hold of the computer and performs whatever tasks they want.
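As an added example (not code from the original article or from the campaign), here is a small Python triage script for the kind of macro-enabled lure described above: it pulls quoted base64 strings out of VBA source, decodes them, and flags auto-run entry points and shell/download APIs, which is the shape an analyst would look for when a "please enable macros" resume lands in a mailbox. The macro text and the decoded URL are constructed placeholders.

```python
import base64
import re

# Constructed sample of the kind of VBA that hides behind an "enable macros"
# prompt: an auto-run entry point, a quoted base64 string and a shell object.
# The decoded string is a placeholder URL, not a real payload location.
PLACEHOLDER_URL = "http://payload.example.invalid/resume.exe"
ENCODED = base64.b64encode(PLACEHOLDER_URL.encode()).decode()
SAMPLE_MACRO = f'''Sub AutoOpen()
    Dim blob As String
    blob = "{ENCODED}"
    Set sh = CreateObject("WScript.Shell")
End Sub
'''

AUTO_EXEC = re.compile(r"\b(AutoOpen|Document_Open|Workbook_Open|AutoExec)\b")
SUSPICIOUS_API = re.compile(r"\b(WScript\.Shell|URLDownloadToFile|CreateObject|Shell)\b")
B64_STRING = re.compile(r'"([A-Za-z0-9+/]{32,}={0,2})"')
URL_BYTES = re.compile(rb"https?://[^\s\"']+")


def decode_blobs(macro_text):
    """Return (encoded, decoded) pairs for quoted strings that decode as base64."""
    found = []
    for m in B64_STRING.finditer(macro_text):
        blob = m.group(1)
        try:
            found.append((blob, base64.b64decode(blob, validate=True)))
        except ValueError:
            continue  # looked like base64 but was not; skip it
    return found


def analyze_macro(macro_text):
    """Collect the indicators a triage analyst would want from a VBA module."""
    blobs = decode_blobs(macro_text)
    decoded = b"".join(d for _, d in blobs)
    report = {
        "auto_exec": sorted({m.group(1) for m in AUTO_EXEC.finditer(macro_text)}),
        "suspicious_api": sorted({m.group(1) for m in SUSPICIOUS_API.finditer(macro_text)}),
        "base64_blobs": len(blobs),
        "decoded_urls": [u.decode(errors="replace") for u in URL_BYTES.findall(decoded)],
        "decoded_pe": decoded.startswith(b"MZ"),  # an embedded Windows executable
    }
    # Auto-run plus either hidden data or a shell/download API matches the campaign's shape.
    flagged = bool(report["auto_exec"]) and (blobs or report["suspicious_api"])
    report["verdict"] = "suspicious" if flagged else "unremarkable"
    return report
```

Feed it the VBA source extracted from a quarantined attachment (for example by a macro-dumping tool) rather than opening the document; the script never executes anything it decodes.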
There was a time when phishing was all about redirecting people to look-alike web pages to grab credentials. With time, the world became so aware of phishing that the rate of these attacks decreased. However, the threat was only down for a while: with newer techniques, threat actors started using this method of compromising computers again, and on top of that, malware and RATs have also started to back this form of attack.
Today it is not just a phishing attack but a combination of several other attacks, which makes it significantly harder for organisations and individuals to deal with. Even though the tools available today to combat cyber threats are far more advanced, many companies still fall prey, and the major reason is a lack of awareness and knowledge.