FortiGuard Labs recently identified a phishing campaign that uses carefully crafted emails to deliver malicious URLs linked to convincing phishing pages. These pages are designed to entice recipients into downloading JavaScript files that act as droppers for UpCrypter malware, which ultimately deploys various remote access tools (RATs).
The attack chain begins with a small, obfuscated script that redirects victims to a spoofed site personalized with the target’s email domain to enhance credibility. In the report below, Fortinet describes an infection chain that uses different methods to lure the victim and successfully deliver several RATs, including PureHVNC, DCRat, and Babylon RAT.[1]
Link to full report: IR-25-238-001_UpC.pdf
[1] https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-companies-via-upcrypter/