Priya PatelTLDR:
– Rogue Raticate, a cybercriminal group, is targeting enterprises with weaponized PDFs delivering NetSupport RAT.
– The malicious PDFs use social engineering tactics to trick recipients into clicking on malicious URLs.
Beware of Weaponized PDFs that Deliver NetSupport RAT
The cybercriminal group Rogue Raticate, also known as RATicate, has launched a new campaign targeting enterprises. This group is infamous for infiltrating corporate networks with malicious emails and remote access trojans (RATs). Their latest attack involves using weaponized PDF files to deliver the NetSupport RAT.
The malicious PDFs are disguised as innocuous attachments with names like “unpaid-7985652547.pdf” and “Paper-2445311685.pdf.” These files contain malicious URLs that redirect users through a Traffic Distribution System (TDS) to deploy the NetSupport RAT on their machines.
To counter this threat, cybersecurity experts recommend scanning business email inboxes for advanced threats and cautioning users to exercise vigilance when handling unsolicited emails and attachments. Symantec has implemented protective measures, such as file-based detections, to mitigate the risk posed by Rogue Raticate’s evolving tactics.
