RomCom RAT Attack Analysis: Fake It to Make It


The RomCom RAT has been making the rounds — first in Ukraine as it went after military installations, and now in certain English-speaking countries such as the United Kingdom.


Initially a spear-phishing campaign, the RomCom attack has evolved to include domain and download spoofing of well-known and trusted products.


In this piece, we’ll break down current RomCom realities, dive into the problems with digital doppelgangers and offer advice to help secure software downloads.


RomCom Realities


Despite the name, this RomCom has no quirky cast of characters and no easy resolution. Instead, unknown attackers are spoofing trusted software solutions to gain network access. As noted by The Hacker News, RomCom may be related to the Cuba ransomware and Industry Spy attacks, since all three use a similar network configuration link; however, this could also be a deliberate distraction on the part of the RomCom operators. Once installed, the RAT can collect information, capture screenshots and export them to an offsite server.


Regardless of its cybercrime connections, however, RomCom’s efforts focus on people. By crafting legitimate-seeming emails supposedly from trusted brands, RomCom convinces users to click through on download links. What’s more, the RomCom RAT actually provides the software in question — albeit along with a hidden payload. With download sizes often over 10 GB, these files may not trigger automatic security protections; instead, the details are shunted to security teams for review. Given the trusted nature of the software in question, it may get a pass. The result is a scenario where staff form both the best line of defense and the prim ..
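The two weaknesses described above, a trojanised copy of a real installer and an oversized file that automated scanning never touches, can be closed with a simple download-triage check: compare the file's SHA-256 against the hash the vendor publishes, and treat a file that is too large for the scanner as "manual review" rather than letting a familiar brand name earn it a pass. The script below is an added example, not code from the original article or from any vendor; the file names, hashes and the size limit it uses are constructed placeholders.

```python
"""Triage a downloaded installer before it is allowed to run.

Added example (not from the original article). Encodes two defensive rules
against the RomCom-style lure described above:
  1. verify the file's SHA-256 against the hash the vendor publishes;
  2. never auto-pass a file on its brand name alone: anything larger than
     the automated scanner handles is routed to manual review.
All file names, hashes and the size limit here are constructed placeholders.
"""
import hashlib
import tempfile
from pathlib import Path

# Assumed: the automated scanner skips files above this size, mirroring the
# "over 10 GB" behaviour the article describes. Constructed value.
SCANNER_LIMIT_BYTES = 10 * 1024**3


def sha256_of(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so multi-gigabyte installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage_download(path, vendor_hashes, scanner_limit=SCANNER_LIMIT_BYTES):
    """Return 'verified', 'hash-mismatch', 'manual-review' or 'scan'.

    vendor_hashes maps a file name to the SHA-256 published by the vendor
    (assumed to have been copied from the vendor's official site, not from
    the email or download page that delivered the file).
    """
    file_path = Path(path)
    expected = vendor_hashes.get(file_path.name)
    if expected is not None:
        # A published hash exists: the file is either the genuine release or
        # it has been altered (for example, bundled with a hidden payload).
        return "verified" if sha256_of(file_path) == expected.lower() else "hash-mismatch"
    if file_path.stat().st_size > scanner_limit:
        # No hash to check and too big for the scanner: a human must look at
        # it; a trusted-looking name is not grounds for an automatic pass.
        return "manual-review"
    return "scan"


def demo():
    """Build constructed sample files and triage them; returns {file name: verdict}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        genuine = Path(tmp) / "vendor-setup.exe"
        genuine.write_bytes(b"constructed installer bytes")
        tampered = Path(tmp) / "vendor-setup-bundled.exe"
        tampered.write_bytes(b"constructed installer bytes + hidden payload")
        oversized = Path(tmp) / "trusted-brand-suite.exe"
        oversized.write_bytes(b"\0" * 4096)

        # Constructed vendor list: both names map to the hash of the genuine file,
        # so the tampered copy is caught by the mismatch rather than its size.
        vendor_hashes = {genuine.name: sha256_of(genuine), tampered.name: sha256_of(genuine)}
        small_limit = 2048  # constructed limit so the demo can exercise the oversize path

        for sample in (genuine, tampered, oversized):
            results[sample.name] = triage_download(sample, vendor_hashes, small_limit)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The important design choice is the order of the rules: a published hash is checked first, so an oversized but genuine release still verifies, while any file without a hash is judged on size rather than on the name it carries.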
