Fake WHO Safety Emails on COVID-19 Dropping Nerbian RAT Across Europe

The novel Nerbian RAT (remote access trojan) is currently targeting’ entities in Spain, Italy, and the United Kingdom.

Proofpoint’s security researchers have warned users of a new RAT dubbed Nerbian written in the Go programming language and targeting entities in the UK, Italy, and Spain.

The malware name is based on its code, which bears references to the name of a fictional place in the novel Don Quixote.

“It is written in operating system (OS) agnostic Go programming language, compiled for 64-bit systems, and leverages several encryption routines to further evade network analysis,” researchers wrote.

The RAT can log keystrokes, launch arbitrary commands, capture screenshots, and exfiltrate data to a remote C2 server. The threat actor behind this campaign is yet unknown.

How is Nerbian RAT Distributed?

Nerbian RAT is distributed through a phishing campaign using fake COVID-19 theme emails. The emails are less than 100 in number and are disguised to be sent by the World Health Organization regarding COVID-19 related safety measures.

Furthermore, victims are encouraged to open a macro-laced MS Word document to receive the latest health advice from the organization. Researchers further noted that the campaign has been active since 26 April 2022.

When the macros are

Read More: https://www.hackread.com/fake-who-covid-safety-emails-nerbian-rat-europe/