Emails spreading the ObliqueRAT malware now make use of steganography, disguising their payloads on compromised websites.
The ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites.
The remote access trojan (RAT), which has been operating since 2019, spreads via emails, which have malicious Microsoft Office documents attached. Previously, payloads were embedded into the documents themselves. Now, if users click on the attachment, they’re redirected to malicious URLs where the payloads are hidden with steganography.
Researchers warn that this new tactic has been seen helping ObliqueRAT operators to avoid detection during the malware’s targeting of various organizations in South Asia where the goal is to ultimately sends victims an email with malicious Microsoft Office documents, which, once clicked, fetch the payloads and ultimately exfiltrate various data from the victim.
minute read
Share this article:
Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users.
Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. If exploited, the vulnerability could allow local attackers to bypass authentication measures and log in to internal company networks with the highest level of privileges.
Genua says it offers more than 20 security solutions for encrypting data communication via the internet, remotely maintaining systems, securely accessing remote data and more – used by anything from critical infrastructure companies to German federal agencies. Affected by the critical flaws is the GenuGate High Resistance Firewall, which Genua touts as a two-tier firewall that includes an application-level gateway and a packet filter for blocking malicious data.