ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
Briefly

Researchers have identified a new remote access trojan, ResolverRAT, that targets the healthcare and pharmaceutical industries. The campaign uses fear-based phishing emails localized to the languages prevalent in the target countries to maximize infection rates. The attack chain relies on DLL side-loading and a multi-stage bootstrapping process aimed at stealth. The emails often hint at legal issues to create urgency, and ResolverRAT achieves persistence through redundant methods, which helps it evade detection.
"The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The Hacker News.
"The ResolverRAT's initialization sequence reveals a sophisticated, multi-stage bootstrapping process engineered for stealth and resilience," Lorber said, adding it "implements multiple redundant persistence methods."
Read at The Hacker News