RATDispenser Malware Loader Targets Passwords
As elaborated in a recent blog post, researchers from the HP Threat Research team have identified a new malware loader running active campaigns. Dubbed ‘RATDispenser,’ it delivers remote access trojans (RATs) and infostealers.
RATDispenser mainly acts as a malware dropper in the attack flow, as it “gains an initial foothold” on the target device.
The threat actors are currently spreading this malware loader via phishing emails. Clicking on the malicious file in an email executes the malware on the target device.
Currently, RATDispenser has a meagre detection rate.
Given how it distributes different malware families, the researchers suspect that RATDispenser is primarily used as malware-as-a-service.
The variety in malware families, many of which can be purchased or downloaded freely from underground marketplaces, and the preference of malware operators to drop their payloads, suggest that the authors of RATDispenser may be operating under a malware-as-a-service business model.
Preventing RATDispenser Attacks
The malware primarily spreads via phishing emails. Hence, the key strategy to prevent RATDispenser attacks is to be vigilant in identifying phishing emails. Users must always double-check the legitimacy of the sender and should avoid opening any attachments or clicking embedded URLs.
For network admins, the researchers have advised restricting email gateways.