A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems.

“The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT,” Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said.

“Both are used for command-and-control during different stages of the infection chain.”

The multi-stage attack chain commences when an email recipient clicks the embedded link pointing to a password-protected ZIP file (“”) hosted on Microsoft OneDrive with the password “12345.”
