Malware Campaigns and Phishing Attacks: A Growing Concern
Recent Threats and Vulnerabilities
AsyncRAT Malware Campaign
A recent malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT using Python payloads and TryCloudflare tunnels.
AsyncRAT: A Remote Access Trojan
AsyncRAT is a remote access trojan (RAT) that uses the async/await pattern for efficient, asynchronous communication.
Exploiting TryCloudflare Tunnels
The malware campaign uses TryCloudflare tunnels to deliver the AsyncRAT payload, which makes the delivery challenging to detect and block.
Recent Research by CloudSEK
Recent research by CloudSEK has also demonstrated that it’s possible to exploit Zendesk’s infrastructure to facilitate phishing attacks and investment scams.
Exploiting Zendesk’s Infrastructure
Zendesk allows a user to sign up for a free trial of its SaaS platform and register a subdomain, which could be misused to impersonate a target.
Phishing Attacks and Investment Scams
Attackers can use these subdomains to deliver phishing emails by adding the targets’ email addresses as "users" to the Zendesk portal.
Lack of Email Checks
Zendesk does not conduct email checks when inviting users, which means that any random account can be added as a member. Phishing pages can then be sent in the guise of tickets assigned to the email address.
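A defender-side check for the subdomain impersonation described above, as an added example that is not from CloudSEK or Zendesk: it extracts the `<name>.zendesk.com` label from a sender address or link host and flags labels that contain or closely resemble a protected brand. The brand `examplebank`, the allowlist, the 0.8 threshold and the sample senders are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Assumptions for this example (not from the article):
BRANDS = ["examplebank"]           # hypothetical protected brand name
OWN_SUBDOMAINS = {"examplebank"}   # Zendesk subdomains the organisation owns
THRESHOLD = 0.8                    # similarity cut-off, tune on real mail
ZENDESK_HOST = re.compile(r"^([a-z0-9-]+)\.zendesk\.com$")
# Digit-for-letter swaps commonly used in look-alike names
SWAPS = str.maketrans("01345", "oleas")

def zendesk_label(sender_or_host):
    """Return the subdomain label of <label>.zendesk.com, else None."""
    host = sender_or_host.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    match = ZENDESK_HOST.match(host)
    return match.group(1) if match else None

def similarity(label, brand):
    """1.0 if the normalised label contains the brand, else a fuzzy ratio."""
    norm = label.translate(SWAPS).replace("-", "")
    if brand in norm:
        return 1.0
    return SequenceMatcher(None, norm, brand).ratio()

def classify(sender_or_host):
    """Return (verdict, matched_brand) for one sender address or hostname."""
    label = zendesk_label(sender_or_host)
    if label is None:
        return ("not_zendesk", None)
    if label in OWN_SUBDOMAINS:
        return ("own", label)
    brand = max(BRANDS, key=lambda b: similarity(label, b))
    if similarity(label, brand) >= THRESHOLD:
        return ("lookalike", brand)
    return ("other_zendesk", None)

def scan(senders):
    """Return the senders whose Zendesk subdomain imitates a protected brand."""
    return [s for s in senders if classify(s)[0] == "lookalike"]

# Constructed sample senders, not taken from any real campaign
SAMPLES = [
    "support@examplebank.zendesk.com",
    "support@examp1ebank-help.zendesk.com",
    "support@exarnplebank.zendesk.com",
    "support@acme-helpdesk.zendesk.com",
    "alerts@example.org",
]
print(scan(SAMPLES))
```

The same check can be run over hostnames extracted from links in ticket notifications, since the subdomain label is what carries the impersonation.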
Conclusion
Malware campaigns and phishing attacks are becoming increasingly sophisticated, making it essential for individuals and organizations to stay vigilant and take proactive measures to protect themselves.