Pakistan-Linked Hackers Target India with New Malware: CurlBack RAT and More
A threat actor linked to Pakistan is targeting India with remote access trojans like Xeno RAT and Spark RAT. They’ve moved from using HTA files to MSI packages, just like swapping an old flip phone for a shiny new smartphone. Watch out, as they’re expanding their reach beyond government and universities!

Hot Take:
It seems like cyber espionage now has its very own sequel: “The RATs of Unusual Size.” Move over, James Bond; there’s a new spy in town, and this one doesn’t need a tuxedo—just a reliable Wi-Fi connection and a penchant for phishing. Pakistan-based cyber baddies are hitting India with more RATs than a New York City subway at midnight. They’re trading HTA files for Microsoft Installer packages faster than you can say, “I need to update Windows again?”

Key Points:
- Pakistan-linked threat actors are targeting multiple sectors in India with a range of Remote Access Trojans (RATs).
- There’s a shift from using HTML Application (HTA) files to Microsoft Installer (MSI) packages for malware delivery.
- SideCopy, a subgroup of Transparent Tribe, mimics attack methods of other threat actors like SideWinder.
- The group uses phishing emails with lure documents to distribute malware.
- New malware, CurlBack RAT, can gather system information, download files, and execute commands.