Hackers target Indian financial institutions with Crimson RAT

Hackers are trying to exfiltrate sensitive data using Crimson RAT.

Researchers uncovered a new wave of an APT campaign that targets Indian financial institutions with the powerful Crimson RAT to compromise network devices and exfiltrate sensitive data. The recently observed campaign has specifically targeted Indian financial institutions with phishing emails.

Hackers are using phishing emails in two different ways to target Indian financial organizations. One method uses a ZIP file with an embedded document. The payload reports back to a malicious C2 server controlled by the hackers.

The other phishing campaign uses a malformed DOC file with an embedded malicious macro. Once victims enable the macro, it executes the RAT payload and loads a clean Resume/CV file. Crimson RAT has a function to access sensitive data from the compromised victim and transfer the collected data over non-web channels to its command-and-control (C&C) server.
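For mail-gateway or inbox triage, the two delivery styles described above (a ZIP carrying a document, and a DOC carrying a macro) can be flagged from the attachment bytes alone. The following is an added example, not code from the researchers or from NPAV; the function names, finding labels, size limit and sample bytes are assumptions constructed for illustration, and the macro check is a heuristic that looks for the storage names Office uses for VBA.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls files
DOC_EXTS = (".doc", ".docm", ".docx", ".rtf", ".xls", ".xlsm")
# OLE directory names are UTF-16LE; Word stores VBA under a "Macros" storage.
OLE_MACRO_MARKERS = [s.encode("utf-16-le") for s in ("Macros", "_VBA_PROJECT")]
MAX_MEMBER_SIZE = 20 * 1024 * 1024  # assumed limit: do not unpack oversized members


def triage_attachment(data, depth=0):
    """Heuristically flag the two delivery styles: macro DOC, ZIP with a document."""
    findings = set()
    if data.startswith(OLE_MAGIC):
        if any(marker in data for marker in OLE_MACRO_MARKERS):
            findings.add("ole-document-with-vba-macro")
        return sorted(findings)
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return sorted(findings)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            lower = info.filename.lower()
            if lower.endswith("vbaproject.bin"):
                findings.add("ooxml-document-with-vba-macro")
            if not lower.endswith(DOC_EXTS):
                continue
            findings.add("zip-with-embedded-document")
            if info.flag_bits & 0x1:  # encrypted member, cannot be inspected
                findings.add("encrypted-member-not-inspected")
            elif info.file_size <= MAX_MEMBER_SIZE and depth < 2:
                findings.update(triage_attachment(zf.read(info), depth + 1))
    return sorted(findings)


def build_samples():
    """Constructed, harmless byte strings that only mimic the file structure."""
    fake_doc = OLE_MAGIC + b"\x00" * 64 + "Macros".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Resume.doc", fake_doc)
    return {"macro_doc": fake_doc, "zip_with_doc": buf.getvalue(), "text": b"hello"}


if __name__ == "__main__":
    for label, blob in build_samples().items():
        print(label, triage_attachment(blob))
```

A finding here is a reason to quarantine and inspect the attachment, not proof that it carries Crimson RAT.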

The RAT keeps receiving commands from the C&C server, performs the requested activities, and keeps reporting the results to the C2 server controlled by the attacker. NPAV recommends that users never trust such links and scammers, as they can cost you a tremendous amount of data and money.

Use NPAV and join us on a mission to secure the cyber world.
