AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

New phishing campaign exploits AWS and GitHub to spread trojans

Sophisticated techniques and cloud services as vehicles for emerging threats

Researchers have discovered a phishing campaign that leverages AWS and GitHub to spread malware, such as the VCURMS and STRRAT RATs, via deceptive emails. These malware can steal sensitive data and receive commands from cybercriminals.

This pill is also available in Italian language

Recent observations by Fortinet FortiGuard Labs researchers have detected a new phishing campaign using public services such as Amazon Web Services (AWS) and GitHub to host malware, including the VCURMS and STRRAT remote access trojans (RATs). The latter are spread via a Java-based downloader equipped with a commercial protector to evade detection systems.

Technical details of the attack and malware used

The attack begins with an email inviting you to click a button to verify your payment information, leading to the download of a malicious JAR file from AWS. Once executed, the file proceeds to download and activate additional JAR files responsible for activating the VCURMS and STRRAT Trojans. VCURMS is notable for using a Proton Mail email address for communication with the command and control (C2) server.

Advanced RAT features and evasion techniques

VCURMS not only sends emails to cybercriminals to report its activation, but also periodically scans the inbox for specific commands, allowing the execution of arbitrary commands, collection of system information, search and upload of relevant files , as well as downloading additional information theft and keylogger modules from the same AWS endpoint. The stolen information includes sensitive data from applications like Discord and Steam, credentials and autosaved data from different browsers, screenshots, and in-depth hardware and network details of compromised machines.

STRRAT and additional phishing campaigns detected

For its part, STRRAT is a RAT developed in Java known since 2020, equipped with a wide range of features, such as keylogging and credential extraction from browsers and applications. In parallel, Darktrace discovered a phishing campaign that exploits automatic emails sent by the Dropbox cloud storage service, with a fraudulent link that imitates the Microsoft 365 login page, highlighting the constant evolution of cybercriminals' attack strategies.

Follow us on Instagram for more pills like this

03/13/2024 11:00

Editorial AI

Complementary pills

Silent infiltration: the malicious code epidemic on GitHubImpact of malicious code in repositories: security risks in software development

Cyber-mining danger: malicious package discovered on GitLabA seemingly innocuous Python library hides a persistent threat of unauthorized cryptocurrency mining

Last pills

Career opportunities in Italian intelligence: entering the heart of securityFind out how to join the intelligence forces and contribute to national security

Hacker attack impacts Microsoft and US federal agenciesNational security implications and strategic responses to credential theft

Implications and repercussions of the serious cyberattack on the Lazio NHSConsequences and punitive measures after the ransomware attack that brought the regional healthcare system to its knees

Telecommunications security: flaw exposes conversations and 2FA to the risk of interceptionRisk of privacy violation through call diversion: measures and industry responses