PHP Sneak Attack: New Interlock RAT Variant Hacks the Web with a Smile
Researchers have discovered a new variant of the Interlock ransomware group’s remote access trojan, shifting from JavaScript to PHP. This crafty malware campaign starts with a “Verify you are human” captcha, only to unleash Interlock RAT upon unsuspecting victims. It’s the digital equivalent of a surprise party you never wanted to attend!

Hot Take:
Move over, JavaScript, because PHP is back and it’s bringing the Interlock RAT with it! In a plot twist that only a cyber-villain could dream up, compromised websites are now serving up malware like it’s a 5-star buffet. Who knew being human could be so risky? Even the captcha is in on it. The Interlock RAT is showing its innovative side with its new PHP variant, proving once again that cybercriminals really know how to ‘code-switch’ when it counts.

Key Points:
- The Interlock RAT has shifted from JavaScript to a PHP variant in its latest cyber escapade.
- Compromised websites host a single-line script that launches the attack, often without the owner’s knowledge.
- Users are tricked into executing a PowerShell script via a fake captcha and “verification steps”.
- The malware performs automated system reconnaissance and communicates using trycloudflare.com URLs.
- This campaign targets a broad range of industries, flaunting the Interlock gang’s sophisticated cybercrime skills.
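
For defenders, the two behaviours in the key points (a user-launched PowerShell script, then traffic to trycloudflare.com URLs) can be correlated in endpoint and proxy logs. The sketch below is an added example, not code from the researchers' report; the event schema, the sample events and the 10-minute window are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

TUNNEL_DOMAIN = "trycloudflare.com"  # domain named in the article
WINDOW = timedelta(minutes=10)       # assumption: correlation window

# Constructed sample events; the (time, host, kind, value) schema is hypothetical.
EVENTS = [
    ("2025-01-01T10:00:05", "ws-01", "process", "powershell.exe"),
    ("2025-01-01T10:02:00", "ws-01", "net", "https://sample-one.trycloudflare.com/"),
    ("2025-01-01T10:01:00", "ws-02", "process", "powershell.exe"),
    ("2025-01-01T10:03:00", "ws-02", "net", "https://nottrycloudflare.com/"),
    ("2025-01-01T10:04:00", "ws-02", "net", "https://trycloudflare.com.example.net/"),
    ("2025-01-01T10:05:00", "ws-03", "net", "sample-two.TryCloudflare.com:443"),
    ("2025-01-01T11:30:00", "ws-01", "net", "https://sample-one.trycloudflare.com/"),
]

def is_tunnel_url(value):
    """True only for trycloudflare.com itself or a real subdomain of it."""
    if "//" not in value:
        value = "//" + value          # let urlsplit parse bare host:port values
    host = (urlsplit(value).hostname or "").rstrip(".")
    return host == TUNNEL_DOMAIN or host.endswith("." + TUNNEL_DOMAIN)

def triage(events):
    """Return (host, url, verdict) for each tunnel contact, in time order."""
    last_ps = {}                      # host -> time of most recent PowerShell start
    findings = []
    for ts, host, kind, value in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "process" and value.lower().startswith("powershell"):
            last_ps[host] = when
        elif kind == "net" and is_tunnel_url(value):
            # PowerShell shortly before tunnel traffic on the same host ranks higher
            recent = host in last_ps and when - last_ps[host] <= WINDOW
            verdict = "high" if recent else "review"
            findings.append((host, value, verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

Contacts with no recent PowerShell start are marked "review" rather than dropped, since the same tunnel domain is also used for legitimate development work.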