[Aug 21, 2018]
A new campaign is using weaponized Microsoft Publisher files (.pub) to deliver the FlawedAmmyy RAT.
The FlawedAmmyy RAT is a backdoor that gives the attacker remote access to the victim’s machine.
Security researchers from Trustwave spotted the email campaign, which used the subject line “Payment Advice” and carried a Microsoft Office Publisher file as an attachment.
With further analysis in the Cuckoo Sandbox, researchers confirmed that the backdoor accessed a certain IP related to FlawedAmmyy. It transfers information such as “id”, “os”, “names” and credentials from the victim’s machine to the attacker’s server.
Researchers said this campaign is unusual and that it originated from the notorious Necurs botnet. The campaign was small and particularly targeted domains belonging to banks.
Cyber Security Tips:
- Use reputable antivirus software and a firewall.
- Do not open any suspicious emailed link or attachment before showing it to the concerned IT Security team.
- Do employ content scanning and filtering on your mail servers.
- Do make sure that all systems and software are up-to-date with relevant patches.
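
One way to apply the content-scanning tip to this campaign, as an added example that is not from Trustwave or the original article: a Python check that a mail gateway hook could run to flag Publisher attachments for quarantine. The function names, file names and sample message are constructed, and the content check assumes .pub files use the OLE2 compound-file container.

```python
import email
from email import policy
from email.message import EmailMessage

# OLE2 compound-file signature (assumption: .pub files use this container).
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
BLOCKED_EXT = ".pub"


def scan_message(raw: bytes) -> list:
    """Return (filename, content_kind) for every Publisher attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        # Normalise case and the trailing dots/spaces that Windows ignores.
        name = (part.get_filename() or "").lower().rstrip(". ")
        if not name.endswith(BLOCKED_EXT):
            continue
        data = part.get_payload(decode=True) or b""
        kind = "ole" if data.startswith(OLE_MAGIC) else "non-ole"
        hits.append((name, kind))
    return hits


def build_sample() -> bytes:
    """Constructed test message; not a real sample from the campaign."""
    msg = EmailMessage()
    msg["Subject"] = "Payment Advice"  # subject line reported in the article
    msg.set_content("See attached.")
    msg.add_attachment("meeting notes", filename="notes.txt")
    msg.add_attachment(OLE_MAGIC + b"\x00" * 504, maintype="application",
                       subtype="octet-stream", filename="Advice.PUB")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, kind in scan_message(build_sample()):
        print(f"quarantine: {name} ({kind} content)")
```

Publisher files are rarely exchanged by email, so many organisations can quarantine the extension outright rather than rely on content inspection alone.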