FortiGuard Labs is aware that a new Remote Access Trojan (RAT) called Nerbian RAT was delivered to targets via COVID-19 and World Health Organization (WHO) themed emails. Nerbian RAT is written in the Go programming language and performs keylogging and screen capture on the compromised machine.

Why is this Significant?

This is significant because Nerbian RAT was delivered through emails that use COVID-19 and World Health Organization (WHO) themed lures, which are still effective at compelling unsuspecting victims to open malicious attachments. The RAT is also capable of stealing sensitive information from the compromised machine through keylogging and screen capture.

What is Nerbian RAT?

Nerbian RAT is a Remote Access Trojan written in the Go programming language. The malware was delivered to the target through COVID-19 and WHO themed emails such as the following:

[Figure: example lure email]

The attached document contains malicious macros which, once macros are enabled, download a dropper. The dropper performs anti-reversing and anti-VM checks before launching Nerbian RAT. The malware carries an encrypted configuration file containing information such as which Command and Control (C2) servers to connect to, connection intervals, how many times the RAT retries file transfers, and backup C2 domains.

The malware performs typical RAT activities such as keylogging and screen capture.

How Widespread is the Malware?

The malware has reportedly been observed in Italy, Spain, and the United Kingdom.

What is the Status of Coverage?

FortiGuard Labs provides the following AV coverage against known samples of Nerbian RAT and associated files:

VBA/Agent.XSQ!tr.dldr
BAT/NerbianRAT.D!tr
Malicious_Behavior.SB
Riskware/Application
W32/PossibleThreat
PossibleThreat.PALLAS.H

All network IOCs are blocked by the WebFiltering client.