October 31, 2023 at 03:59PM
HP Wolf Security’s “Q3 2023 Threat Insights Report” highlights a rise in malware “meal kits” costing less than $100, leading to an increase in remote access Trojan (RAT) campaigns. Excel and PowerPoint files attached to emails and posing as legitimate invoices carry embedded RATs. Popular RATs include Parallax, XWorm, and DiscordRAT 2.0. 80% of threats are email-based, and some attackers are targeting other inexperienced attackers. Parallax RAT has seen a significant surge in usage, with attackers employing new tactics such as “Jekyll and Hyde” attacks. RATs like Houdini and Remcos are also on the rise, though Microsoft’s deprecation of VBScript may impact their prevalence. Attackers are expected to shift to other supported formats like PowerShell and Bash.
Key Takeaways from the Meeting Notes:
1. The availability of affordable “meal kits” for malware, priced under $100, is leading to an increase in campaigns using remote access Trojans (RATs).
2. Malware, such as Parallax RAT, is being embedded in Excel and PowerPoint files attached to emails and disguised as legitimate invoices. Clicking on these files launches the malware.
3. Malware kits, like XWorm and DiscordRAT 2.0, hosted on platforms like GitHub, are also being used by cybercriminals.
4. 80% of the observed threats during the quarter were email-based.
5. Some cybercriminals are targeting inexperienced attackers in RAT campaigns.
6. Parallax RAT has risen in popularity, becoming the 7th most popular payload in the third quarter of 2023. It utilizes a “Jekyll and Hyde” attack, running two threads to hide the malware’s activity.
7. RATs like Remcos and Houdini are also on the rise. Houdini conceals Vjw0rm JavaScript malware and is easily accessible on hacking forums.
8. Microsoft’s deprecation of VBScript may impact the threats from Houdini and Parallax RAT, but attackers are likely to shift to other formats like PowerShell and Bash.
9. Attackers are expected to focus on using novel obfuscation techniques to bypass endpoint security in the future.