
New Kedi RAT Uses Gmail to Exfiltrate Data

Kedi RAT Pretends to be a Citrix Utility, Transfers Data Using Gmail

A newly discovered remote access Trojan (RAT) capable of evading security scanners communicates with its command and control (C&C) server via Gmail, Sophos has discovered.

Dubbed Kedi, the RAT was designed to steal data and is being spread via spear-phishing emails, the security researchers say. The observed attacks appear targeted, with the malicious payload masquerading as a Citrix utility.

The RAT’s capabilities aren’t out of the ordinary: AntiVM/anti-sandbox features, the ability to extract and run embedded secondary payloads, file download/upload backdoors, screenshot grabbing, keylogging, and the ability to extract usernames, computer names, and domains. According to Sophos, most of these features are command-driven.

What makes the Trojan stand out from the crowd, however, is its ability to communicate with its C&C using Gmail (the Basic HTML version). Nonetheless, the malware can also talk to...(continued)
