Today in predictable cybercrime, there’s a campaign going on wherein phishers are targeting people in the travel and aerospace industries with malicious emails containing loaders that pave the way for remote access Trojans (RATs) to steal data. Microsoft Security Intelligence exposed the whole operation over on Twitter.
It’s a classic phishing scheme: The bad actor pretends to be a legitimate organization or individual and whips up a very, very convincing email to enhance the legitimacy of the act. That email contains an attachment disguised as a PDF. The second it’s clicked, the RAT — in this specific campaign’s case, RevengeRAT or AsyncRAT — then gets to work on stealing your data.
What data will it go after? Screenshots, credentials, browser data, network info, and even webcam data. Has your webcam seen anything lately that you wouldn’t want certain eyes stealing a look at? Then beware.
You’re not without help, though. Microsoft has published advanced hunting queries over on GitHub to help you suss out attacks in your environment.
As mentioned, this campaign is targeting two massive industries at an organizational level rather than individuals. However, individuals make up said organizations, so if you happen to work in the travel or aerospace sectors, you might be one of the people targeted by these annoying phishing attacks. Watch out for bad folks posing as good folks, always triple-check that attachments are what they claim to be, and stay safe out there.