The cyber campaign uses social engineering and sophisticated evasion tactics, including a novel malware-delivery method, to compromise hundreds of Microsoft Office users.
March 19, 2024 By Elizabeth Montalbano
A malicious email campaign is targeting hundreds of Microsoft Office users in US-based organizations to deliver a remote access trojan (RAT) that evades detection, partially by showing up as legitimate software.
In a campaign dubbed "PhantomBlu" by researchers at Perception Point, attackers impersonate an accounting service in email messages that invite people to download a Microsoft Office Word file, purportedly to view their "monthly salary report." Targets receive detailed instructions for accessing the password-protected "report" file, which ultimately delivers the notorious NetSupport RAT, malware spun off from the legitimate NetSupport Manager, a legitimately useful remote technical support tool. Threat actors previously have used the RAT to footprint systems before delivering ransomware on them.
