JavaScript Loader RATDispenser Infects Windows PCs with RATs


RATDispenser, a novel secretive JavaScript loader, is being employed in phishing campaigns to infect devices with a range of Remote Access Trojans (RATs).

The new loader quickly formed distribution agreements with at least eight malware families, all of which were developed to steal data and give attackers access to victim machines.

As explained by BleepingComputer, in 94% of the cases investigated by security researchers at HP Threat, the JavaScript loader does not communicate with a server controlled by the attacker and is only utilized as a first-stage malware dropper.

Rather than using Microsoft Office documents to deliver payloads, RATDispenser employs JavaScript attachments. According to the researchers, these attachments have a low detection rate.

RATDispenser M.O.

The attack starts with a phishing email message that includes a malicious JavaScript attachment with the double-extension ‘.TXT.js’.

Because Windows hides extensions by default, if the potential target saves the malicious document on their machine, it will appear as an inoffensive text file.
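
The double-extension trick described above can be checked for where mail is filtered. The following is an added example, not code from the article or from the researchers it cites; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Assumed, non-exhaustive: extensions Windows hands to a script host or runs directly.
RUNNABLE_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe", ".scr", ".bat", ".cmd"}
# Assumed, non-exhaustive: extensions a user reads as a harmless document.
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def classify(filename):
    """Return (name shown with extensions hidden, verdict) for one attachment name."""
    # Win32 drops trailing dots and spaces on save, so normalise before parsing.
    name = PureWindowsPath(filename.strip().rstrip(". ")).name
    path = PureWindowsPath(name)
    shown = path.stem  # what Explorer displays when known extensions are hidden
    if path.suffix.lower() not in RUNNABLE_EXTS:
        return name, "ok"
    if PureWindowsPath(shown).suffix.lower() in DECOY_EXTS:
        return shown, "double-extension"
    return shown, "script"


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and list attachments that are not 'ok'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fn = part.get_filename()  # decodes RFC 2231 / encoded-word names
        if fn:
            shown, verdict = classify(fn)
            if verdict != "ok":
                findings.append((fn, shown, verdict))
    return findings


def build_sample():
    # Constructed sample message; the attachment body is an inert placeholder.
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", "Order"
    m.set_content("See attached.")
    m.add_attachment(b"// placeholder", maintype="application",
                     subtype="octet-stream", filename="Order_details.TXT.js")
    m.add_attachment("hello", filename="notes.txt")
    return m.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The second element of each finding is the name the recipient would see with extensions hidden, which is useful context for an alert or quarantine notice.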


This text file has been
