Hackers Using Microsoft Publisher File To Deliver Dangerous FlawedAmmyy RAT Targeting Banks

[Aug 21, 2018]

A new campaign uses weaponized Microsoft Publisher files (.pub) to deliver the FlawedAmmyy RAT.

The FlawedAmmyy RAT is a backdoor tool that gives the attacker remote access to the victim’s machine.

Security researchers from Trustwave spotted the email campaign, which used the subject line “Payment Advice” and carried a Microsoft Office Publisher file as an attachment.

After further analysis in the Cuckoo Sandbox, researchers confirmed that the backdoor accessed a certain IP address related to FlawedAmmyy. It transfers information such as “id”, “os”, “names” and credentials from the victim’s machine to the attacker’s server.

Researchers said this campaign was unusual and that it originated from the notorious Necurs botnet. The campaign was small and specifically targeted domains belonging to banks.

Cyber Security Tips: 

  • Use reputable antivirus software and a firewall.
  • Do not open any suspicious emailed link or attachment before showing it to the concerned IT Security team.
  • Do employ content scanning and filtering on your mail servers.
  • Do make sure that all systems and software are up-to-date with relevant patches.
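
One way to apply the content-scanning tip to this campaign's file type, as an added example that is not from the original post or from Trustwave: a mail-gateway check that flags Publisher attachments by file name and declared MIME type and records whether the payload starts with the OLE compound-file header. The function names, the `application/x-mspublisher` match and the sample message (addresses, file names) are assumptions constructed for illustration.

```python
"""Mail-filter check: flag Microsoft Publisher (.pub) attachments."""
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound-file header used by .pub
PUB_MIME = "application/x-mspublisher"          # assumed declared type for .pub


def publisher_attachments(raw: bytes) -> list[dict]:
    """Return one finding per attachment that looks like a Publisher file."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        # Trailing dots/spaces are stripped so "advice.pub." is still caught.
        if name.lower().rstrip(". ").endswith(".pub"):
            reasons.append("extension")
        if part.get_content_type() == PUB_MIME:
            reasons.append("mime")
        if reasons:
            findings.append({
                "subject": str(msg["Subject"]),
                "filename": name,
                "reasons": reasons,
                "ole2_header": data.startswith(OLE2_MAGIC),
            })
    return findings


def build_sample() -> bytes:
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "accounts@bank.example"
    m["Subject"] = "Payment Advice"
    m.set_content("Please see attached.")
    m.add_attachment(OLE2_MAGIC + b"\x00" * 504, maintype="application",
                     subtype="x-mspublisher", filename="advice.pub")
    m.add_attachment(b"%PDF-1.4\n", maintype="application",
                     subtype="pdf", filename="statement.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for finding in publisher_attachments(build_sample()):
        print("QUARANTINE", finding)
```

Publisher files are rarely exchanged by email in most organisations, so quarantining every hit for review is usually a low-noise policy.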
