New Malware M2RAT Steals Sensitive Data
AhnLab details an incident where cybercriminals used a new malware they dubbed #M2RAT delivered through phishing email attachments. The malware can exfiltrate process information, keylogging, and document and voice files, including those from connected portable devices. The malware will periodically capture screenshots, but the cybercriminal can issue a command to capture those when desired. M2RAT uses a shared memory section for C2 communication, the transfer of stolen data to the C2 without storing them in the compromised system, and data exfiltration. AhnLab attributed the attack to APT37 (RedEyes, ScarCruft), basing their attribution on the techniques employed having been used by #apt37.
https://blog.talosintelligence.com/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats/
#m2rat #apt37 #cti #threatintel
"Hangul (HWP) Malware Using Steganography Techniques: RedEyes (ScarCruft)" published by AhnLab. #Steganography, #RedEyes, #M2RAT, #CVE-2017-8291, #CTI, #OSINT, #LAZARUS https://asec.ahnlab.com/ko/47622/
#steganography #redeyes #m2rat #cve #cti #osint #lazarus