Microsoft has released details of a campaign targeting the aviation industry. The threat actors use spear-phishing emails that spoof legitimate companies. Each email contains a linked image that poses as a PDF file; the embedded link is typically generated via a known web service, which helps the emails bypass security controls. If the link is clicked, the victim is infected with a new loader called Snip3, which comes in the form of a malicious VBScript. Once downloaded, Snip3 will download a Remote Access Trojan (RAT) on the victim’s device. Thus far, RevengeRAT and AsyncRAT are the only two strains that have been downloaded.
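As a defender-side illustration of the lure described above, the following added example (not Microsoft's detection logic and not part of the original report) flags HTML emails in which a clickable image presents itself as a PDF while its link does not point to a PDF. The heuristic, the function and class names, and the sample message are all assumptions constructed for this sketch.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkedImageFinder(HTMLParser):
    """Collect (href, img attributes) for every <img> nested inside an <a href>."""
    def __init__(self):
        super().__init__()
        self.href = None
        self.hits = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.href = a.get("href")
        elif tag == "img" and self.href:
            self.hits.append((self.href, a))
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def pdf_lure_links(raw_email):
    """Return hrefs of linked images that look like a PDF but do not link to one."""
    flagged = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        finder = LinkedImageFinder()
        finder.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for href, img in finder.hits:
            # Assumed heuristic: the image's alt/title/src mentions "pdf" ...
            label = " ".join(str(img.get(k) or "") for k in ("alt", "title", "src")).lower()
            # ... but the link target's path is not a .pdf document.
            if "pdf" in label and not urlparse(href).path.lower().endswith(".pdf"):
                flagged.append(href)
    return flagged

# Constructed sample message; addresses and URLs are placeholders.
SAMPLE = """From: sales@example.com
To: ops@example.org
Subject: Charter quote
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review the attached quote.</p>
<a href="https://files.example.net/d/abc123"><img src="cid:quote_pdf_icon" alt="Quote.pdf"></a>
<a href="https://www.example.com/brochure.pdf"><img src="logo.png" alt="Brochure PDF"></a>
</body></html>
"""

if __name__ == "__main__":
    print(pdf_lure_links(SAMPLE))
```

A hit is a triage signal rather than a verdict; legitimate mail also uses PDF icons that link to document portals, so flagged links still need reputation or sandbox checks.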
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is