Colombian energy, metal firms under fire in new Trojan attack wave
Three Remote Access Trojans (RATs) are being used in a wave of attacks on companies in Colombia. The attacks steal confidential information, and the campaign has been named Operation Spalax. ESET discovered the campaign on Tuesday; it targets government and private entities, specifically those with connections to the energy and metallurgical industries in Colombia.
The campaign continues after at least 24 IP addresses were linked to the attacks in the second half of 2020. It uses phishing emails styled as court summonses, bank account freeze warnings and false notifications for mandated COVID-19 tests. The emails contain a .PDF file linking to a .RAR archive, which, if downloaded, triggers the malware. The malware used includes Remcos, njRAT and AsyncRAT, all of which are available commercially on underground forums. These RATs give the threat actors access and are capable of keylogging, screen capture, data exfiltration, and downloading additional malware. The campaign's infrastructure is constantly updated, allowing it to continue for the foreseeable future.