Out with the old, in with the new? When it comes to cybercrime, that’s rarely the case. We often see old malware get upgrades with new techniques, payloads, and even targets. This is certainly the case for an old Java remote access Trojan (RAT) detected as JAVA_OZNEB.B.
Users may encounter this threat as an attachment to spammed emails. These emails are often financial in nature. One such email pretends to be from American Express, informing recipients that their accounts have been suspended due to suspicious activity. To reactivate, they must fill out the attachment and send it back to American Express. The attachment is actually the malware in disguise. Users may also encounter the malware online pretending to be catalogues, product lists, or receipts.
Figure 1. Sample spammed message
Once it infects the computer, the RAT can perform a variety of routines, such as taking screenshots, displaying messages, and downloading extra plugins, including one for mining Litecoins. The option for extra plugins makes the malware a high-risk threat, as cybercriminals can update and tweak routines as they wish. Making the malware a bigger threat is the fact that it can run on multiple platforms. It should be noted that this is not the first Java RAT that affects multiple platforms; we first spotted one in 2012.
JAVA_OZNEB.B was previously known as Adwind, then later renamed to UNRECOM (Universal Remote Control Multi-Platform). Aside from the new name, the malware also received an upgrade: it can now run on the Android platform. The inclusion of Android in the set-up is very notable because aside from running in Android, this malware now also works as an APK binder. Put simply, the malware can be used to Trojanize legitimate apps, like an Android malware we’ve previously discussed.
The inclusion of a Litecoin miner plugin is very notable, given the slew of threats targeting cryptocurrencies we’ve seen recently. Litecoin is a cryptocurrency that’s often considered a popular alternative to Bitcoin. The Litecoin plugin can permit a remote malicious user to use an infected computer to mine Litecoins. Mining digital currencies requires a lot of computing power, so victims may experience sluggish performance from their infected computers.
Feedback from the Smart Protection Network shows that affected countries include the United States, Turkey, Australia, Taiwan, Singapore, and Japan. We advise users to be cautious when opening emails, even if they appear to come from reputable senders. For matters related to finance, it’s best to call the financial institution involved to resolve potential issues.
With additional insights from Lala Manly.