Microsoft shares details of malware attack on aerospace, travel sector

The malware can steal credentials and webcam data, take screenshots, and collect other sensitive information from a targeted device.


Microsoft has recently uncovered a spear-phishing campaign targeting aerospace and travel organizations and warns that the attackers deploy multiple remote access trojans (RATs) using a new and stealthy malware loader.


The attackers send phishing emails that spoof legitimate organizations and use images to lure the targeted companies into opening what appear to be PDF documents containing information related to several industry sectors, including aviation, travel, and cargo.




Microsoft noted that the campaign's apparent end goal is to harvest and exfiltrate data from infected devices using the RATs’ remote control, keylogging, and password-stealing capabilities.

Once deployed, the malware allows attackers to “steal credentials, screenshots and webcam data, browser and clipboard data, system and network information, and exfiltrate data often via SMTP Port 587.”



Malicious email (Image provided by Microsoft)





What sets this campaign apart from others observed in the past is the RAT loader it employs, which is designed to bypass detection.


The newly discovered loader, monetized under a Crypter-as-a-Service model and named Snip3 by Morphisec malware analysts, is used to drop Revenge ..
