Nerbian RAT Malware, New Threat on The Market

Nerbian RAT, a novel malware variant that comes with a long list of capabilities, including the ability to avoid detection and analysis by security researchers, has been recently spotted.

The new remote access trojan is written in the Go programming language, compiled for 64-bit systems, and it’s currently being distributed through a small-scale email distribution operation that uses macro-laced document attachments.

Yesterday, a report on the new Nerbian RAT malware was published by researchers at cybersecurity firm Proofpoint, who were the ones to observe the email campaigns.

Nerbian RAT M.O.

The emails sent to the victims are allegedly coming from the World Health Organization (WHO) with important information concerning COVID-19.

Source

As explained by BleepingComputer, because the RAR attachments contain Word documents laced with malicious macro code, when opened in Microsoft Office with content set to “enabled,” a bat file carries out a PowerShell execution step to download a 64-bit dropper.

The dropper for Nerbian RAT, dubbed “UpdateUAV.exe,” is written in Golang as well, 3.5MB in size and UPX packed.

Executable files created in the Go language tend to be slightly larger than most other executable files. Likely, this malware is packed with UPX to reduce the overall size of

Read More: https://heimdalsecurity.com/blog/nerbian-rat-malware-new-threat-on-the-market/