The AsyncRAT Malware
Hackers are employing a new evasive technique in order to distribute AsyncRAT malware. A new, sophisticated phishing attack has been identified that is distributing the threat as part of a malware campaign that is believed to have begun in September 2021 and is still ongoing.
AsyncRAT (a remote access trojan) is being delivered through a simple email phishing tactic with an HTML attachment, according to a report by Michael Dereviashkin, a security researcher at enterprise breach prevention firm Morphisec.
Threats such as AsyncRAT are often used to establish a remote connection between a threat actor and a victim’s device, steal information, or perform surveillance via microphones and cameras. They feature an assortment of powerful capabilities that allow the attackers to fully monitor and control the infiltrated machines. Oftentimes, such pieces of malware are used in conjunction with other malware.
This type of intrusion usually begins with an email message that contains an HTML attachment that seems to be an order confirmation receipt (for example, Receipt-[some digits].html). When the decoy file is opened, the recipient is redirected to a web page that prompts him or her to save an ISO file.
Upon opening, the ISO file is automatically mounted as a DVD drive on the Windows host. It contains either a .BAT or a .VBS file, which allows the infection chain to continue to the next stage by executing a PowerShell command.
The result is the execution of a .NET module in memory, which then acts as a dropper for three files, each of which serves as a trigger for the next, to deliver AsyncRAT as the final payload. The same module also checks for antivirus software and sets up Windows Defender exclusions, among other things.
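As an added example, not taken from Morphisec's report or from the article, the following Python detector runs over constructed process-creation events in a simplified Sysmon-style shape and flags the chain described above: a script host launching a .BAT or .VBS file from a non-system drive letter (where a mounted ISO would appear), PowerShell spawned by that script host, and a PowerShell command line that adds a Windows Defender exclusion. The event fields, the sample values and the use of the Add-MpPreference cmdlet as the exclusion indicator are assumptions.

```python
import re

# Constructed sample process-creation events (simplified Sysmon Event ID 1
# fields: pid, parent pid, image path, command line). Not real telemetry.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "E:\Receipt-84213.vbs"'},
    {"pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -c Add-MpPreference -ExclusionPath C:\Users\Public"},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\notepad.exe",
     "cmd": r"notepad.exe C:\Users\alice\notes.txt"},
]

# Interpreters that run .BAT / .VBS files.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe"}
# A .bat/.vbs path on a drive letter other than C: (a mounted ISO gets a new letter).
MOUNTED_SCRIPT = re.compile(r'\b[D-Z]:\\[^"\s]*\.(?:bat|vbs)\b', re.IGNORECASE)
# Defender exclusion being added via PowerShell (assumed indicator).
DEFENDER_EXCLUSION = re.compile(r"Add-MpPreference\s+.*-Exclusion", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_chain(events):
    """Return (rule, pid) findings for the ISO -> script -> PowerShell ->
    Defender-exclusion chain. Parent/child links come from pid and ppid."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = basename(e["image"])
        if name in SCRIPT_HOSTS and MOUNTED_SCRIPT.search(e["cmd"]):
            findings.append(("script_from_mounted_volume", e["pid"]))
        if name == "powershell.exe":
            parent = by_pid.get(e["ppid"])
            if parent and basename(parent["image"]) in SCRIPT_HOSTS:
                findings.append(("powershell_spawned_by_script_host", e["pid"]))
            if DEFENDER_EXCLUSION.search(e["cmd"]):
                findings.append(("defender_exclusion_added", e["pid"]))
    return findings


if __name__ == "__main__":
    for rule, pid in detect_chain(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

Each rule alone is noisy on a real estate; the value is in correlating all three on one host within a short window.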
Aside from that, Morphisec’s report puts an emphasis on the campaign’s sophisticated methods, which allow the virus to pass practically undetected by most antimalware engines despite the malware-distribution operation having been in place for nearly five months. As per the information that has been disclosed, AsyncRAT is designed to remotely monitor and control its infected computers through a secure, encrypted connection.