KHRAT Trojan sweeps across Cambodia
- CEOCambodiaNews
- Expatriate
- Posts: 62434
- Joined: Sun Oct 12, 2014 5:13 am
- Reputation: 4034
- Location: CEO Newsroom in Phnom Penh, Cambodia
4 September 2017
The KHRAT Trojan has been spotted targeting citizens of Cambodia with new capabilities and weaponry.
The Remote Access Trojan (RAT) has been in the wild for some time, but this year, more modern variants have emerged.
According to Palo Alto Networks' Unit 42 security team, KHRAT is currently being used by threat actors to target Cambodian citizens, with the overall aim of enslaving PCs, stealing information including system language and IP address, and spying through the use of keylogging, screenshots, and remote shell access.
In a blog post, the group said there has been an uptick in activity in recent months, while the first surge against Cambodian victims was discovered back in June.
KHRAT is now being deployed through fresh spam and phishing campaigns, with fraudulent emails containing weaponized attachments relating to the Mekong Integrated Water Resources Management Project (MIWRMP), a million-dollar scheme funded by the World Bank which is currently being deployed to improve water and fisheries management in North Eastern Cambodia.
One malicious document used to spread the RAT is called "Mission Announcement Letter for MIWRMP phase three implementation support mission, June 26-30, 2017(update).doc," which relates to the project in its current design stage.
The attachment, however, contacts a Russian IP address and uses the domain update.upload-dropbox[.]com in order to dupe victims into believing they are connecting to the legitimate Dropbox cloud storage service...
Full article:
http://www.zdnet.com/article/khrat-troj ... -cambodia/
- CEOCambodiaNews
Re: KHRAT Trojan sweeps across Cambodia - Cambodia's malware problem
Malware vulnerability high in Kingdom, report notes
Mon, 4 September 2017
Cambodia is among the most vulnerable countries in Asia when it comes to viruses, spam, spyware and other cyberthreats, according to a recent report from Microsoft.
Approximately one in four computers running Microsoft security products in Cambodia reported encountering malware in the first quarter of this year, according to the company’s global security intelligence report, released August 17. That’s more than double the global average of 9 percent, and twelve times the rate in Japan, where only 2 percent of computers reported a malware encounter.
Within Asia, only Bangladesh and Pakistan had more run-ins with malicious software, according to the report, which found that developing Asian countries were among the world’s most vulnerable.
Microsoft Asia spokesman Andrew Pickup said that was largely due to pirating software. “There is a well-established link between software piracy and the presence of malware,” Pickup said in an email...
http://www.phnompenhpost.com/national/m ... port-notes