
AlienSpy using Global Phishing Campaigns to target Consumers and Enterprises

AlienSpy, a remote access Trojan (RAT), is currently being used in global phishing campaigns that target both consumers and enterprises to steal valuable data and compromise systems.

Remote Access Trojans (RATs) are often recycled and redeveloped as the cybersecurity landscape changes. These Trojans are typically delivered through phishing campaigns that use fraudulent emails and malicious attachments to drop the malware payload on particular industries, consumers or businesses.

According to security firm Fidelis, the newly discovered AlienSpy Trojan is currently being used in international phishing campaigns against both consumers and enterprises, although it has generally been detected in campaigns aimed at the technology, finance, government and energy sectors.

AlienSpy currently supports infections on Windows, Linux, Mac OSX and the Android mobile operating system.

The Java-based Trojan gives an attacker full access to and control over a compromised system. The malware collects system information, including the OS version, RAM details and computer name. It can also upload additional malware packages and capture webcam and microphone streams without the user's consent.

Related campaigns have used njRAT, njWorm and Houdini RAT, all of which are known to evolve in their delivery methods rather than in core functionality. The security firm believes the new RAT has benefited from “unified,” collaborative development. As a result, the Trojan is more sophisticated and has expanded functionality.

“Applying this technique makes it very difficult for network defenders to detect the malicious activity from infected nodes in the enterprise. To prevent various security tools from running, this version of AlienSpy performs various registry key changes,” the security firm said. “Infected systems could end up with botnet malware downloaded through AlienSpy RAT (e.g. Citadel) as it was observed by our security researchers during one of the infections.”

AlienSpy’s additional capabilities include a sandbox detection tool, the detection and disabling of antivirus software, and the use of Transport Layer Security (TLS) to encrypt its connection to the command and control (C&C) server.

Ehacking Staff