NanoCore Remote Access Trojan

 

 

The NanoCore Remote Access Trojan (RAT) is being spread through malicious documents and uses an interesting technique to keep its process running and prevent victims from manually killing it, researchers say.

The cybersecurity team from Fortinet recently captured a sample relating to the spread of NanoCore RAT in the form of a malicious Microsoft Word document.

The malicious document, “eml_-_PO20180921.doc,” is spread via phishing campaigns and contains malicious, obfuscated, auto-executing VBA code that launches the Trojan.

When opened, the document displays a security warning at the top informing the would-be victim that macros have been disabled. If that individual clicks “Enable Content,” the infection process begins.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against the NanoCore remote access trojan and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Do not click “Enable Content” on documents you were not expecting, since that is the step that starts this infection. Up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

 

CVE-2018-19718

 

 

Adobe has released a security update for Adobe Connect. This update resolves an important session token exposure vulnerability. This update affects Adobe Connect versions 9.8.1 and earlier.

Source: Adobe

How do you protect yourself?

Adobe recommends users update their software installation to the newest version.

 

Djvu Ransomware

 

 

In December 2018, a new ransomware called Djvu, which could be a variant of STOP, was released, and it has been heavily promoted through crack downloads and adware bundles. Originally, this ransomware appended a variation of the .djvu string as an extension to encrypted files, but a recent variant has switched to the .tro extension.

When first released, it was not known how the ransomware was being distributed, and a sample of the main installer could not be found. When discussing the infection with the numerous victims who reported it in our forums and elsewhere, a common theme was noted: most of the victims stated that they became infected after downloading a software crack.

This campaign has been very successful, with ID-Ransomware reporting numerous victims submitting files to their system on a daily basis.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Djvu ransomware and similar threats. Up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.