December 9, 2023

Since the start of 2021, it has been pouring trojans. Day after day, the threat landscape keeps expanding.

Observations

The cyber threat landscape encountered multiple instances of cyberattacks from trojans, both old and new.

  • Researchers from Morphisec Labs have found a new version of the JSSLoader RAT that breached a customer’s network in December 2020. The capabilities of the .NET-based trojan include gaining persistence on systems, deploying malware, and stealing data, among others.
  • A newly discovered ElectroRAT has been found targeting cryptocurrency users since the start of 2021. The trojan was successful in emptying cryptocurrency wallets of thousands of Windows, Linux, and macOS users.
  • The North Korea-based APT37 group is held responsible for a fresh wave of attacks distributing the RokRat trojan against the South Korean government.
  • A new Quaverse campaign attempted to lure people into downloading a malicious attachment from phishing emails that pretended to contain a scandalous video of the U.S. president.
  • A freshly discovered Rogue RAT is being offered for sale or rent in darknet forums. Created by the Triangulum threat actor group, the trojan appears to use source code from two other Android RATs, called Cosmos and Hawkshaw.
  • A new version of the Ursnif trojan, capable of a wide variety of behaviors, has been spotted in the wild targeting Italian users.

To be noted

One can say that malware authors are adapting quickly. They are exploiting unpatched software or devices and continuously pushing new malware campaigns. Additionally, because many trojans are now offered for sale or rent on dark web forums, such attack campaigns can grow at a rapid pace.
