National Cyber Warfare Foundation (NCWF) Forums


Hackers Deliver AsyncRAT Through Weaponized WSF Script Files


2023-12-07 06:42:03
milo
Red Team (CNA)




The post Hackers Deliver AsyncRAT Through Weaponized WSF Script Files appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



The AsyncRAT malware, which was previously distributed through files with the .chm extension, is now being distributed in WSF script format. The WSF file was found to be delivered inside a compressed (.zip) file reached through URLs included in emails.





AsyncRAT spreads through a variety of strategies and tactics. Malspam and phishing efforts, which mimic legitimate messages like DHL shipment updates with malicious file attachments, are the most prevalent infection vectors.





Threat actors are still creating and using cutting-edge and unique ways to spread AsyncRAT, such as “fileless” injection, which loads the main AsyncRAT binary into memory and runs it without requiring a file to be installed on the target system.





How Is AsyncRAT Disseminated via WSF Script?





The AhnLab Security Emergency Response Center (ASEC) reports that the downloaded zip file is decompressed to produce a file with the .wsf file extension. 
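A defensive triage check for the delivery chain described above, added here as an example and not taken from the ASEC report or the original article: it lists members of a downloaded ZIP whose extension is .wsf or .chm, including members inside nested archives. The function names, the nesting and size limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

FLAGGED = {".wsf", ".chm"}      # extensions named in the article
MAX_DEPTH = 3                   # assumption: nesting limit for archives
MAX_MEMBER_BYTES = 20 * 2**20   # assumption: skip members above 20 MiB


def flag_script_members(zip_bytes, depth=0, prefix=""):
    """Return sorted member paths whose extension is in FLAGGED."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return []               # not a ZIP, or corrupt
    hits = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Windows drops trailing dots/spaces, so "a.wsf." opens as "a.wsf".
            suffix = PurePosixPath(info.filename.rstrip(". ")).suffix.lower()
            if suffix in FLAGGED:
                hits.append(path)
            elif (suffix == ".zip" and depth < MAX_DEPTH
                  and info.file_size <= MAX_MEMBER_BYTES):
                try:
                    inner = archive.read(info)
                except (RuntimeError, zipfile.BadZipFile):
                    continue    # encrypted or damaged member: cannot inspect
                hits += flag_script_members(inner, depth + 1, path + "!")
    return sorted(hits)


def build_sample():
    """Constructed sample: a ZIP with a PDF, a .wsf and a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("docs/Order.WSF", "<job></job>")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.pdf", "placeholder")
        z.writestr("shipment.pdf.wsf", "<job></job>")
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(flag_script_members(build_sample()))
```

Encrypted or oversized nested archives are skipped rather than inspected, so a gateway using this check should treat them as unverified instead of clean.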





This file just has one

 


