By Asheer Malhotra
- Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans (RATs).
- The infection chain utilized in the attacks is highly modularized.
- The attackers utilize publicly available infrastructure such as Bitly and Pastebin (spread over a number of accounts) to direct and host their attack components.
- Network-based detection, although important, should be combined with endpoint protections to combat this threat and provide multiple layers of security.
Cisco Talos has observed a new Aggah campaign that distributes malicious Microsoft Office documents (maldocs) via malicious spam (malspam) emails, delivering a multi-stage infection to a target user's endpoint.
The final payload of the infection consists of a variety of remote access tool (RAT) families, such as: