Fidelis Cyber Security firm has recently issued the Fidelis Threat Advisory #1013 to detail a phishing campaign using the Unrecom RAT (remote access trojan).
Experts at Fidelis during the last two weeks have observed an increase in attack activity, based on this malicious agent, against the US and local government, technology, advisory services, health, and financial. The campaign also hit the financial industry in Saudi Arabia and Russia.
The Unrecom remote access tool was spread as attachments of phishing emails try to trick the users into thinking the emails are legitimate. Following a list of names used for the attachment in the phishing campaign:
The Unrecom is a multi-platform Java-based remote access tool has a low detection rate, it goes undetected by most AntiVirus solutions. Last version of this RAT is 3.2 and is being sold at “unrecom[.]net” for $500 (Enterprise Version) and $200 (Full Version).
“The evolution of Unrecom RAT dates from its beginnings as a tool known as Frutas RAT, subsequently branded as Adwind RAT, and now Unrecom RAT. In 2013, it was reported that Frutas RAT was used in phishing email campaigns against high profile companies in Europe and Asia in sectors such as finance, mining, telecom, and government.” states the advisory.
As many other remote access tools also Unrecom RAT provides basic features to gain remote control over the victims:
The advisory reveals that Command & Control (CnC) servers used by the Unrecom RAT in this campaign were used in the past by variants of the DarkComet and AcromRAT malware which have been observed in large volumes in the Middle East.
Following the list of indicators provided in the advisory … be aware!
(Security Affairs – Unrecom RAT, phishing)
The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the…
Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia.…
Experts warn of a new campaign targeting an alleged zero-day in Fortinet FortiGate firewalls with…
A critical vulnerability in Aviatrix Controller is actively exploited to deploy backdoors and cryptocurrency miners…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense…
FunkSec, a new ransomware group that attacked more than 80 victims in December 2024, was…
This website uses cookies.