Because the RAT is a Java applet, it can run on several operating systems

Jul 6, 2013 07:38 GMT

Security researchers have uncovered a spear phishing campaign aimed at government agencies, most of them in the United States. What makes the campaign interesting is that it relies on a Java remote access tool (RAT).

As experts from Symantec highlight, the use of a Java RAT can be highly efficient. Because the RAT, dubbed jRat, is actually a Java applet, it’s capable of running on several operating systems, not just Windows.

The RAT builder control panel identified by researchers shows that it can be used on Mac OS X, Linux, FreeBSD, OpenBSD and Solaris.

The RAT is distributed via emails with subjects such as “Obama’s Data Harvesting Program and PRISM.” Each email has three files attached: a couple of PDFs and a .jar file which hides jRat.

The RAT, detected by Symantec as Backdoor.Jeetrat, allows cybercriminals to gain complete control of the infected device.

The command and control servers used in this attack have been utilized for other threats as well. Previously, cybercriminals have relied on them in attacks that leveraged exploits.

Besides the US, the malware has also been spotted in Canada, Australia, the UK, Germany and other European countries.