Quote:Researchers have unearthed a new cybercrime group, RATicate, which is behind several waves of malspam attacks targeting industrial companies with various information-stealing payloads – from LokiBot to Agent Tesla.
At least six separate campaigns have been tied to RATicate, with the first wave starting November and the most recent spotted in March. All campaigns leveraged Nullsoft Scriptable Install System (NSIS), a legitimate, open-source tool used to create Windows installers, to ultimately drop various remote access trojans (RATs) on victims’ systems.
More recently, “a new campaign we believe connected to the same actors leverages concern about the global COVID-19 pandemic to convince victims to open the payloads,” said Markel Picado, threat researcher with SophosLabs, in a Thursday analysis. “This is a shift in tactics, but we suspect that this group constantly changes the way they deploy malware — and that the group has conducted campaigns prior to this past November.”
RATicate has specifically targeted industrial firms in Europe, the Middle East and the Republic of Korea with malspam emails. The lures have varied, with some purporting to concern balance payments and asking victims to check the attached bank confirmation; and more recent ones leveraging coronavirus concerns.
Read more: https://threatpost.com/raticate-group-in...ds/155775/
![[-]](https://www.geeks.fyi/images/collapse.png)
