Trend Micro has discovered a spearphishing attack that compromised the Israeli police. The attack forced all police computers to be taken offline.

In a textbook example of effective social engineering, the attackers crafted this email, which spoofed the name of a trusted sender (Benny Gantz, the head of the Israel Defense Forces), had text that was a strong call to action (in this case, a subject of immediate interest to Israeli security forces), and delivered an attachment with zero-day exploits.

[Image: benny gantz2]

When the recipients opened the email, they were offered the opportunity to download the enticing attachment. The attachment installed malware of the Xtreme remote access Trojan (RAT) variety. Like all RAT malware, this RAT can be used for cyberespionage and remote command execution. Trend Micro reports that this is a new and improved RAT:

In addition to the standard features that are common to every RAT, the newest Xtreme RAT version also has the following features:

  • Windows 8 compatibility
  • improved audio and desktop capture capabilities
  • improved Chrome and Firefox password grabbing; it can also grab passwords from Opera and Safari
  • free updates from the developer

Spearphishers deceive by masquerading as trusted senders. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks.