Lumension® Endpoint Intelligence Center

New evasion techniques help AlienSpy RAT spread Citadel malware

2015/04/08

Threatpost - (International) Fidelis researchers reported that hackers have co-opted the AlienSpy remote access tool (RAT) and are spreading it via phishing messages to deliver the Citadel banking trojan and establish backdoors inside a number of critical infrastructure operations, including technology companies, financial institutions, government agencies, and energy companies. The tool has the capability to detect whether it is being executed inside a virtual machine, can disable antivirus and other security tools, and employs transport-layer security (TLS) encryption to protect communication with its command-and-control (C&C) server.

Source: https://threatpost.com/new-evasion-techniques-help-alienspy-rat-spread-citadel-malware/112064

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:00