A new phishing campaign uses fake resume attachments designed to deliver Quasar Remote Administration Tool (RAT) malicious payloads onto the Windows computers of unsuspecting targets.

From csirt.cy

Crooks use phishing to trick potential victims, through social engineering, into handing over sensitive information via fraudulent websites they control, or to deliver malicious content via e-mails that appear to come from someone the victim knows or from a legitimate organization.

While fake resumes and various other types of documents are a very common lure used by cybercriminals operating malspam campaigns, the campaign spotted by Cofense researchers, which targets Windows users with the Quasar Remote Administration Tool (RAT), also adds multiple anti-analysis methods to camouflage the infection vectors.

Quasar RAT is a well-known open-source RAT developed using the C# programming language and known to have been used by a wide range of hacking groups including APT33, APT10, Dropping Elephant, Stone Panda, and The Gorgon Group.

Quasar’s capabilities include but are not limited to opening remote desktop connections, logging the victims’ keystrokes and stealing their passwords, capturing screen snapshots and recording webcams, downloading and exfiltrating files, and managing processes on infected machines.
