November 20, 2018 By David Bisson < 1 min read

Researchers spotted the TA505 threat group spreading a previously undocumented remote access Trojan (RAT) called tRaT.

In the fall of 2018, Proofpoint observed two email campaigns used to deliver tRat, a new modular RAT written in Delphi. Researchers spotted the first on Sept. 27. For that operation, unknown attackers abused the Norton antivirus brand to trick users into enabling content for malicious Microsoft Word documents.

The researchers detected the second campaign on Oct. 11. In that attack, a well-known threat actor group known as TA505 sent out emails with either malicious Microsoft Publisher documents or Microsoft Word attachments with different subject lines and senders. These emails specifically targeted customers of commercial banking institutions.

TA505 and the Growth of Remote Access Trojans

This isn’t the first time TA505, a financially motivated actor known for shifting with the times, has employed RATs to target users. In March and April, Proofpoint observed that the group began launching campaigns designed to infect users with the FlawedAmmyy RAT using the Quant Loader malware. These attacks involving FlawedAmmyy continued through June.

Interestingly, TA505 isn’t the only group that’s shown increased interest in FlawedAmmyy. Check Point researchers discovered several campaigns distributing the threat through the summer and early fall. This activity helped make FlawedAmmyy the first remote access Trojan to ever earn a spot on the security firm’s “Most Wanted Malware” list in October 2018.

How to Defend Against tRat

Security professionals can help their organizations defend against remote access Trojans like tRat by using tools such as VBA editor and oledump.py to analyze the macro code in suspect Microsoft Office documents. They should also investigate the static properties of potentially malicious documents by looking up the file hashes in a public malware sandbox.

Sources: Proofpoint, Proofpoint(1), Check Point

More from

Are we getting better at quantifying risk management?

4 min read - As cyber threats grow more sophisticated and pervasive, the need for effective risk management has never been greater. The challenge lies not only in defining risk mitigation strategy but also in quantifying risk in ways that resonate with business leaders. The ability to translate complex technical risks into understandable and actionable business terms has become a crucial component of securing the necessary resources for cybersecurity programs.What approach do companies use today for cyber risk quantification? And how has cyber risk…

Trends: Hardware gets AI updates in 2024

4 min read - The surge in artificial intelligence (AI) usage over the past two and a half years has dramatically changed not only software but hardware as well. As AI usage continues to evolve, PC makers have found in AI an opportunity to improve end-user devices by offering AI-specific hardware and marketing them as "AI PCs."Pre-AI hardware, adapted for AIA few years ago, AI often depended on hardware that was not explicitly designed for AI. One example is graphics processors. Nvidia Graphics Processing…

Cybersecurity Awareness Month: Cybersecurity awareness for developers

3 min read - It's the 21st annual Cybersecurity Awareness Month, and we’re covering many different angles to help organizations manage their cybersecurity challenges. In this mini-series of articles, we’re focusing on specific job roles outside of cybersecurity and how their teams approach security.For developers, cybersecurity has historically been a love-hate issue. The common school of thought is that coders are frustrated with having to tailor their work to fit within cybersecurity rules. However, many companies are embracing a security-first approach, and some developers…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today