VCURMS and STRRAT Trojans Using AWS and GitHub as Launchpads

Summary:

A sophisticated phishing campaign is targeting personnel, enticing them to click on a seemingly innocuous button to authenticate payment details. However, this action initiates the download of a harmful JAR file from Amazon Web Services (AWS) onto the victim’s device. This malicious file serves as a gateway for installing a Java downloader, with the intent of distributing VCURMS and STRRAT remote access trojans (RATs).

Threat Level – Amber | Attack Report

For a detailed threat advisory, download the pdf file here

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.