Latest Phishing Campaign Delivers Quasar RAT via Fake Resumes
Phishing is the most common type of social engineering attack. Most attackers use email, social media and SMS to trick users into providing sensitive information or visiting a malicious URL, compromising their privacy.
Researchers at Cofense discovered a new phishing campaign that distributes Quasar RAT onto the Windows operating system via password-protected fake resume documents.
Quasar is a publicly available open-source RAT that can easily be found on GitHub. It is a Remote Administration Tool capable of opening remote desktop connections, keylogging, taking screenshots, stealing credentials, downloading or exfiltrating files, recording video from webcams, and managing processes on infected machines.
How does it work?
The phishing emails include a malicious Microsoft Word document presented as a password-protected resume. The email gives the password, “123”, which the user needs to open the document.
Once the user enters the password, the fake resume document asks the user to enable macros, which starts the infection process. The macros come in the form of base64-encoded garbage code that is specially designed to crash analysis tools. Once the macros run successfully, the document displays a series of images claiming that content is loading.
However, while these images are shown, a garbage string is repeatedly added to the document contents and an error message is then displayed; in the background, Quasar RAT is being downloaded and executed.
“The last significant step the threat actors take to avoid discovery is to download a Microsoft Self Extracting executable. This executable then unpacks that Quasar RAT binary that is 401MB,” said the researchers.
So, if the user isn’t smart, he or she is likely to fall for this phishing attack. It is therefore always recommended that users not trust every email they see in their mailbox, especially when the mail contains URLs or attachments.
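The delivery pattern described above, a password-protected Word attachment with the password written in the message body, can be flagged at the mail gateway. The following Python is an added example, not code from the researchers or from this article; it assumes the attachment uses the OOXML encryption container (an OLE file with an `EncryptedPackage` stream), and the function names and the sample message are constructed for illustration.

```python
from email.message import EmailMessage
import re

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound file header
# Password-protected OOXML files are OLE containers holding an
# "EncryptedPackage" stream; directory entry names are stored as UTF-16LE.
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")
PASSWORD_HINT = re.compile(r"\bpassword\b", re.IGNORECASE)


def is_encrypted_ooxml(data: bytes) -> bool:
    """Heuristic: OLE header plus an EncryptedPackage directory entry.
    Legacy binary .doc encryption is not covered by this check."""
    return data.startswith(OLE_MAGIC) and ENC_STREAM in data


def triage(msg: EmailMessage) -> list:
    """Return one finding per encrypted Office attachment in the message."""
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    password_in_body = bool(PASSWORD_HINT.search(body))
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if is_encrypted_ooxml(data):
            findings.append({
                "filename": part.get_filename(),
                "size": len(data),
                # The scanner cannot open the file but the recipient can:
                # a password in the body is the signal to quarantine.
                "password_in_body": password_in_body,
            })
    return findings


def build_sample(encrypted: bool = True) -> EmailMessage:
    """Constructed sample message; the attachment is a stub, not a real document."""
    msg = EmailMessage()
    msg["Subject"] = "Resume"
    msg.set_content("Please find my resume attached. The password is 123.")
    blob = OLE_MAGIC + b"\x00" * 504 + (ENC_STREAM if encrypted else b"")
    msg.add_attachment(blob, maintype="application", subtype="msword",
                       filename="resume.doc")
    return msg


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A finding with `password_in_body` set means the content scanner could not inspect the attachment while the recipient was handed the means to open it, which is a reasonable condition for quarantine or manual review.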