Threat Watch

ObliqueRAT Receives Steganographic Update

ObliqueRAT, a Remote Access Trojan that was first discovered in early 2020, has received an update that now disguises the payload in image files on compromised websites, according to an article published on ZDNet. The RAT has been updated to include many new features, the most notable being the use of steganographic payloads to embed zip files in images. These malicious images are downloaded by ObliqueRAT’s maldoc stager, and the zip file is extracted by the maldoc macros. While there are no solid attributions, ObliqueRAT has been connected to campaigns distributing CrimsonRAT and also possibly RevengeRAT.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As these infections stem from malicious macro-laden document files distributed as email attachments, Binary Defense recommends using great care when enabling macros, as macros from untrusted sources may result in malware deployment. Additionally, Binary Defense recommends employing a 24/7 SOC solution, such as Binary Defense’s own Security Operations Task Force, to quickly detect when unusual processes and behavior occurs on employee workstations and respond to stop the threat before attackers move laterally and take control of the domain.

Source: https://www.zdnet.com/article/obliquerat-trojan-now-hides-in-images-on-compromised-websites/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support