Monday, November 20, 2017

Xtreme RAT infiltrated US, UK, and other governments

A hacker group recently infected Israeli police computers with the Xtreme RAT (remote administration tool). The malware has also been directed at government institutions in the U.S., U.K., and other countries, researchers from antivirus vendor Trend Micro reported.

The attackers sent messages with a .RAR attachment to email addresses within the targeted agencies. The archive contained a malicious executable that looked like a Word document but, when run, installed the Xtreme RAT malware and then opened a decoy document containing a news report about a Palestinian missile attack.
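A mail gateway can catch this kind of lure by comparing each archive member's name with its leading bytes. The sketch below is an added example, not code from Trend Micro or this article. The article does not say how the executable was made to look like a Word document, so the four heuristics are assumed common masquerading patterns, and the member names and header bytes are assumed to come from whatever tool unpacks the RAR.

```python
import os
import re

EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}   # assumed short list of directly runnable types
DOC_HINT = re.compile(r"\.(docx?|rtf|pdf)\b")   # document extension appearing inside the stem
PADDING = re.compile(r"\s{5,}\.\w+$")           # long whitespace run hiding the real extension
RTLO = "\u202e"                                 # right-to-left override reverses displayed text


def masquerade_reasons(name: str, head: bytes) -> list[str]:
    """Reasons an archive member looks like an executable posing as a document."""
    stem, ext = os.path.splitext(name.lower())
    is_pe = head[:2] == b"MZ"                   # DOS/PE magic at the start of the file
    reasons = []
    if is_pe and ext not in EXEC_EXTS:
        reasons.append("PE header under a non-executable extension")
    if is_pe or ext in EXEC_EXTS:
        if DOC_HINT.search(stem):
            reasons.append("document extension before the real extension")
        if PADDING.search(name):
            reasons.append("whitespace padding before the real extension")
        if RTLO in name:
            reasons.append("right-to-left override in file name")
    return reasons


def scan_listing(members):
    """Map each suspicious member name to its reasons; clean members are omitted."""
    flagged = {}
    for name, head in members:
        reasons = masquerade_reasons(name, head)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample: (member name, first bytes) as an unpacker would report them.
SAMPLE = [
    ("Report.doc.exe", b"MZ\x90\x00"),
    ("news.doc" + " " * 20 + ".scr", b"MZ\x90\x00"),
    ("minutes.doc", b"MZ\x90\x00"),
    ("summary\u202ecod.exe", b"MZ\x90\x00"),
    ("agenda.docx", b"PK\x03\x04"),
]

if __name__ == "__main__":
    for name, reasons in scan_listing(SAMPLE).items():
        print(repr(name), "->", "; ".join(reasons))
```

A plain `setup.exe` is deliberately not flagged here: blocking executables outright is a separate policy decision, while this check targets only members that pretend to be documents.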

Xtreme RAT gives attackers control over the infected machine and allows them to upload documents and other files back to their servers.

“We discovered two emails sent from {BLOCKED}[email protected] on Nov 11 and Nov 8 that primarily targeted the Government of Israel,” Trend Micro senior threat researcher Nart Villeneuve said in a blog post earlier this week. “One of the emails was sent to 294 email addresses.”

Nonetheless, the motives of the attackers remain unclear. After the Norman report, one might have speculated that the attackers had a political agenda connected to Israel and the Palestinian territories; after Trend Micro’s latest findings, it is harder to guess what drives them.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
