NetWire Remote Access Trojan Being Spread by Phishing Campaign

Researchers at Fortinet have come across a phishing campaign delivering a new version of the NetWire remote access Trojan (RAT). The phishing emails claim to contain invoices and encourage recipients to click on the attached PDF. The bottom of the email has an image of a PDF attachment which is actually a hyperlink to download the malware. When a victim tries to open the attachment, their computer will be infected with NetWire.

Once the RAT is on a system, it functions as a keylogger and sends a wide variety of information about the victim’s activity and device to the attacker. It also steals credentials stored by Chrome, Firefox, Opera, Outlook, and other browsers and services. Additionally, it can read, write, and delete data on the victim’s computer. It’s also worth noting that the new variant of NetWire uses an assortment of anti-sandboxing and anti-debugging techniques to prevent it from being analyzed.

This phishing campaign shows why users need to be able to spot suspicious emails right off the bat. Most people wouldn’t think to hover over a PDF attachment to check for a link before clicking on it. However, a vaguely worded email regarding an unexpected invoice could have put users on high alert before they tried to open the attachment. New-school security awareness training can teach your employees to constantly be on the lookout for signs that an email is fraudulent.
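
The hover check described above can also be automated at the mail gateway. The following is an added example, not code from Fortinet or from this post: it flags HTML emails in which an image labelled like a document is wrapped in a hyperlink while no real file is attached. The hint list, function names and sample messages are constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Assumed heuristic: words in an image's alt/title/src that suggest a document icon.
DOC_HINTS = (".pdf", ".doc", ".xls", "invoice", "attachment")

class LinkedImageFinder(HTMLParser):
    """Record (href, img attributes) for each <img> nested inside an <a href>."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.linked_images = [], []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.hrefs.append(attrs.get("href") or "")
        elif tag == "img" and self.hrefs and self.hrefs[-1]:
            self.linked_images.append((self.hrefs[-1], attrs))
    def handle_endtag(self, tag):
        if tag == "a" and self.hrefs:
            self.hrefs.pop()

def fake_attachment_links(raw_message):
    """Return link targets hidden behind images that pose as an attached document."""
    msg = message_from_string(raw_message, policy=policy.default)
    # A message that really carries a file gives the icon an innocent explanation.
    if any(part.get_filename() for part in msg.iter_attachments()):
        return []
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    finder = LinkedImageFinder()
    finder.feed(body.get_content())
    hits = []
    for href, img in finder.linked_images:
        label = " ".join(img.get(k) or "" for k in ("alt", "title", "src")).lower()
        if any(hint in label for hint in DOC_HINTS):
            hits.append(href)
    return hits

# Constructed sample messages (not taken from the campaign).
HEADERS = 'From: a@example.invalid\nSubject: Invoice\nMIME-Version: 1.0\nContent-Type: text/html; charset="utf-8"\n\n'
LURE = HEADERS + ('<p>Your invoice is attached.</p>'
    '<a href="http://files.example.invalid/get?id=1"><img src="icon.png" alt="Invoice_0420.pdf"></a>')
BENIGN = HEADERS + '<a href="https://www.example.com/"><img src="logo.png" alt="Company logo"></a>'

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, fake_attachment_links(raw))
```

A hit is a triage signal rather than a verdict; the returned URLs can be passed to existing link reputation or detonation tooling.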

Fortinet has the story:
