Once the RAT is on a system, it functions as a keylogger and sends a wide variety of information about the victim’s activity and device to the attacker. It also steals credentials stored by Chrome, Firefox, Opera, Outlook, and other browsers and services. Additionally, it can read, write, and delete data on the victim’s computer. It’s also worth noting that the new variant of NetWire uses an assortment of anti-sandboxing and anti-debugging techniques to prevent it from being analyzed.
This phishing campaign shows why users need to be able to spot suspicious emails right off the bat. Most people wouldn’t think to hover over a PDF attachment to check for a link before clicking on it. However, a vaguely worded email regarding an unexpected invoice could have put users on high alert before they tried to open the attachment. New-school security awareness training can teach your employees to constantly be on the lookout for signs that an email is fraudulent.
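The hover check described above can also be done at the mail gateway. The following is an added example, not code from the original post or from Fortinet: it assumes the lure is an HTML link whose link text or image alt text names a document file, and the function names, suffix list and sample message are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

DOC_SUFFIXES = (".pdf", ".doc", ".docx", ".xls", ".xlsx")  # assumed lure file types

class FakeAttachmentFinder(HTMLParser):
    """Collect <a> links whose visible text or image alt text names a document file."""
    def __init__(self):
        super().__init__()
        self.href, self.labels, self.hits = None, [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.href, self.labels = attrs["href"], []
        elif tag == "img" and self.href:
            self.labels.append(attrs.get("alt") or "")  # icon posing as the file

    def handle_data(self, data):
        if self.href:
            self.labels.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href:
            remote = self.href.lower().startswith(("http://", "https://"))
            fake = [s.strip() for s in self.labels if s.strip().lower().endswith(DOC_SUFFIXES)]
            if remote and fake:
                self.hits.append((fake[0], self.href))
            self.href = None

def find_fake_attachments(raw_email):
    """Return (label, href) for body links posing as files that are not really attached."""
    msg = message_from_string(raw_email, policy=default)
    attached = {(p.get_filename() or "").lower() for p in msg.iter_attachments()}
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []  # no HTML part, so nothing can imitate an attachment
    finder = FakeAttachmentFinder()
    finder.feed(body.get_content())
    return [(label, href) for label, href in finder.hits if label.lower() not in attached]

# Constructed sample message; hosts are reserved example domains.
SAMPLE = """Subject: Invoice
Content-Type: text/html; charset="utf-8"

<a href="https://files.example.net/get?id=1"><img src="cid:icon" alt="Invoice_0412.pdf"></a>
<a href="https://example.com/help">Contact us</a>
"""
```

A hit means the message shows something labelled like a document that is really a remote link, which is a reasonable trigger for a warning banner or quarantine review.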
Fortinet has the story: https://www.fortinet.com/blog/threat-research/new-netwire-rat-variant-spread-by-phishing.html