AlienSpy Used in Global Phishing Campaigns to Target Consumers and Enterprises

AlienSpy, a remote access Trojan (RAT), is currently being used in global phishing campaigns that target both consumers and enterprises to steal valuable data and compromise systems.

Remote access Trojans (RATs) are often recycled and redeveloped as the cybersecurity landscape changes. They are typically delivered through phishing campaigns that use deceptive emails and malicious attachments to drop the malware payload on particular industries, consumers or businesses.

According to security firm Fidelis, the newly discovered AlienSpy Trojan is currently being used in international phishing campaigns against both consumers and enterprises, although it has generally been detected in campaigns targeting the technology, finance, government and energy sectors.

AlienSpy currently supports infections on Windows, Linux, Mac OSX and the Android mobile operating system.

The Java-based Trojan gives an attacker full access to and control over a compromised system. The malware collects system information including the OS version, RAM details and computer name. It can also upload additional malware packages and capture webcam and microphone streams without the user's consent.

The campaigns include njRAT, njWorm and Houdini RAT, all of which are known to have evolved in their delivery mechanisms rather than in core functionality. The security firm believes the new RAT has benefited from "unified," collaborative development, which has made the Trojan more sophisticated and expanded its functionality.

“Applying this technique makes it very difficult for network defenders to detect the malicious activity from infected nodes in the enterprise. To prevent various security tools from running, this version of AlienSpy performs various registry key changes,” the security firm said. “Infected systems could end up with botnet malware downloaded through AlienSpy RAT (e.g. Citadel) as it was observed by our security researchers during one of the infections.”
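The registry tampering described in the quote is something defenders can watch for directly. The following Python script is an added example, not code from the article or from Fidelis: it scans Sysmon-style registry "value set" events for writes that disable Windows Defender, turn off UAC, set a security service to Disabled, or plant an Image File Execution Options debugger entry. The flattened event layout, the process names and the sample events are constructed for the illustration; the registry locations themselves are real Windows ones.

```python
"""Flag registry writes that disable or neuter endpoint security tools.

Added illustration (not the article's or Fidelis's code). Each event is a
simplified Sysmon EventID 13 (RegistryEvent, Value Set) flattened to a dict
with Image, EventType, TargetObject and Details; the events below are
constructed samples, not real telemetry.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    process: str
    target: str
    value: str


# Real Windows policy values attackers flip to hamper security tooling:
# (path pattern, value that indicates tampering, rule name)
RULES = [
    (re.compile(r"\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware$", re.I),
     1, "Defender disabled by policy"),
    (re.compile(r"\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring$", re.I),
     1, "Defender real-time protection disabled"),
    (re.compile(r"\\Policies\\System\\EnableLUA$", re.I),
     0, "UAC disabled"),
]
# An IFEO "Debugger" entry redirects the named binary to another program,
# which is a classic way to keep a security tool from ever starting.
IFEO_RE = re.compile(r"Image File Execution Options\\([^\\]+)\\Debugger$", re.I)
# Service Start = 4 means "Disabled".
SERVICE_START_RE = re.compile(r"\\Services\\([^\\]+)\\Start$", re.I)
# Substrings that mark a service as security-related (assumption for the demo).
SECURITY_SERVICE_HINTS = ("defend", "antivirus", "sense", "mpssvc", "wscsvc", "edr", "sysmon")


def _as_int(details: str):
    """Parse Sysmon's 'DWORD (0x00000001)' or a bare decimal; None otherwise."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"\s*(\d+)\s*", details)
    return int(m.group(1)) if m else None


def classify(event: dict):
    """Return a Finding for a suspicious value-set event, else None."""
    if event.get("EventType") != "SetValue":
        return None
    target, details = event["TargetObject"], event.get("Details", "")
    image = event.get("Image", "?")
    val = _as_int(details)
    for pattern, bad_value, rule in RULES:
        if pattern.search(target) and val == bad_value:
            return Finding(rule, image, target, details)
    m = IFEO_RE.search(target)
    if m:
        return Finding(f"IFEO debugger hijack of {m.group(1)}", image, target, details)
    m = SERVICE_START_RE.search(target)
    if m and val == 4 and any(h in m.group(1).lower() for h in SECURITY_SERVICE_HINTS):
        return Finding(f"security service {m.group(1)} set to Disabled", image, target, details)
    return None


def scan(events):
    """Run classify() over a batch of events and keep the hits."""
    return [f for f in map(classify, events) if f is not None]


# Constructed sample events (the javaw.exe process is an assumption made to
# mirror a Java-based RAT; nothing here is captured telemetry).
SAMPLE_EVENTS = [
    {"EventType": "SetValue", "Image": r"C:\Program Files\Java\jre\bin\javaw.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
     "Details": "DWORD (0x00000001)"},
    {"EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",  # benign UI tweak
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventType": "SetValue", "Image": r"C:\Program Files\Java\jre\bin\javaw.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\Debugger",
     "Details": "svchost.exe"},
    {"EventType": "SetValue", "Image": r"C:\Windows\System32\svchost.exe",  # protection re-enabled: not a hit
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventType": "SetValue", "Image": r"C:\Program Files\Java\jre\bin\javaw.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Start",
     "Details": "DWORD (0x00000004)"},
    {"EventType": "SetValue", "Image": r"C:\Program Files\Java\jre\bin\javaw.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
     "Details": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.process} -> {f.target} = {f.value}")
```

Value checks matter as much as path checks: the fourth sample re-enables real-time protection and is correctly ignored, so the rule fires on the tampering direction only. In production the same logic would sit on a SIEM feed of Sysmon events and the process-name field would drive triage, since a Java runtime writing Defender policy keys is a far stronger signal than a management agent doing so.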

AlienSpy’s additional capabilities include sandbox detection, the detection and disabling of antivirus software, and the use of Transport Layer Security (TLS) to secure its connection to the command-and-control (C&C) server.

Ehacking Staff