Threat Actors Target Aviation Firms Via Spear Phishing Campaign

 

Fortinet researchers discovered a spear-phishing campaign targeting the aviation industry. The well-crafted messages carry malicious download links that distribute AsyncRAT. AsyncRAT is an open-source, legitimate remote access tool (RAT) for remote administration, which has been used to gather browser data, steal credentials, webcam data and screenshots, and collect essential details about the system and network.

Threat actors targeted multiple aviation firms by sending phishing emails that appeared to come from the federal aviation authority, using a spoofed sender address that aligns with a 'foreign operators affairs' email address for inquiries/approvals. The email goes the extra step of including a signature and a logo to impersonate a federal authority. The attackers designed the email to create a sense of urgency by making it resemble a Reporting of Safety Incident (ROSI) from Air Traffic Control. In addition, the email contains malicious Google Drive links disguised as a PDF attachment. Most of the emails in this campaign contain the strings ROSI, AOP, Incident Report, as well as the attachment name 'ROSI-AOP Incident Report Details, '.pdf.

The researchers note that all of these emails were sent from an IP address (192.145.239.18) that was previously used in an aviation-themed campaign identified by Morphisec researchers in April and May of 2021, with the majority of victims coming from the UAE, Canada, Argentina, Djibouti, and Fiji.

Security experts have warned that the aviation and travel industry is seeing a notable increase in RAT (Remote Access Trojan) cyber attack efforts through phishing emails. Similar to other forms of malware, Remote Access Trojans are usually attached to what appear to be legitimate files, such as emails or pre-installed softwar ..
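The traits the article lists (the subject strings, the sending IP address and a Google Drive link presented as a PDF) can be checked mechanically on inbound mail. The following Python is an added example, not code from Fortinet or the original article; the function name, the sample message and its hosts, addresses and file id are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Indicators quoted in the article
CAMPAIGN_STRINGS = ("ROSI", "AOP", "Incident Report")
SENDER_IP_RE = re.compile(r"(?<![\d.])192\.145\.239\.18(?!\d)")  # exact IP only
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def campaign_traits(raw):
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    found = []
    subject = str(msg.get("Subject", ""))
    hits = [s for s in CAMPAIGN_STRINGS
            if re.search(r"\b" + re.escape(s) + r"\b", subject, re.I)]
    if hits:
        found.append("subject strings: " + ", ".join(hits))
    if SENDER_IP_RE.search(" ".join(msg.get_all("Received", []))):
        found.append("relayed via 192.145.239.18")
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    for href, text in LINK_RE.findall(html):
        # The link is presented as a PDF but points at Google Drive
        if urlsplit(href).hostname == "drive.google.com" and ".pdf" in text.lower():
            found.append("Drive link labelled as PDF: " + text.strip())
    return found

# Constructed sample message (hosts, addresses and file id are placeholders)
SAMPLE = """\
Received: from mail.example.net ([192.145.239.18]) by mx.example.org
From: Foreign Operators Affairs <foa@example.org>
To: ops@example.com
Subject: ROSI-AOP Incident Report
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>See <a href="https://drive.google.com/file/d/FILE_ID/view">ROSI-AOP Incident Report Details.pdf</a></p>
"""

if __name__ == "__main__":
    for trait in campaign_traits(SAMPLE):
        print(trait)
```

A single trait on its own (for example a Drive link to a PDF) is common in legitimate mail, so the returned list is best used to raise a message's priority for review when several traits coincide.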
