Research discovers a new stealth JavaScript loader that uses malware to infect computers

Research found that the attackers used a previously undocumented JavaScript malware that served as a loader to distribute a series of remote access Trojans (RATs) and information-stealing programs.

HP Threat Research calls this new evasion loader "RATDispenser," which is responsible for deploying at least eight different malware families in 2021. Approximately 155 samples of this new malware have been discovered, spread across three different variants, indicating that this malicious loader is actively being developed.

"RATDispenser is used to gain an initial foothold on the system before launching secondary malware, thereby establishing a control connection to the target device." Security researcher Patrick Schläpfer said: "All payloads are lurking rats designed to steal information and allow The attacker takes control of the victim device."

As with other such attacks, the starting point for the infection is a phishing email containing a malicious attachment that is disguised as a text file but is actually obfuscated JavaScript code used to write and execute a VBScript file, which in turn, The final stage of the malware payload is downloaded on the infected machine.

RATDispenser has been observed dropping different types of malware, including STRRAT, WSHRAT (aka Houdini or Hworm), AdWind (aka AlienSpy or Sockrat), Formbook (aka xLoader), Remcos (aka Socmer), Panda Stealer, CloudEyE (aka GuLoader), and Ratty, in addition to targeting cryptocurrency wallets, each install backdoors that extract sensitive data from infected devices.

Schläpfer said: "Malware is diverse, and many malware can be purchased or downloaded for free from the underground market. This also leads to malware operators tending to give up selling some payloads directly, so the author of RATDispenser may be in the malware-as-a-service business. operating under the model.”

[refer to]

https://thehackernews.com/2021/11/this-new-stealthy-javascript-loader.html