CIP Cyber

AlienSpy using Global Phishing Campaigns to target Consumers and Enterprises


AlienSpy, a remote access Trojan (RAT), is currently being used in global phishing campaigns that target both consumers and enterprises to steal valuable data and compromise systems.

Remote access Trojans (RATs) are often recycled and redeveloped as the cybersecurity landscape changes. These Trojans are typically spread through phishing campaigns, which use fraudulent emails and malicious files to deliver malware payloads that affect particular industries, consumers or businesses.

According to security firm Fidelis, the newly discovered AlienSpy Trojan is currently being used in international phishing campaigns against both consumers and enterprises, although it has generally been detected in campaigns in the technology, finance, government and energy sectors.

AlienSpy currently supports infections on Windows, Linux, Mac OS X and the Android mobile operating system.

The Java-based Trojan gives an attacker full access to and control over a compromised system. The malware can collect system information, including the OS version, RAM data and computer name. It can also upload malware packages and capture webcam and microphone streams without consent.

The campaigns include njRAT, njWorm and Houdini RAT, all of which are recognized to have evolved in their delivery rather than in core functionality. The security firm believes the new RAT has benefited from “unified,” collaborative development. As a result, the Trojan is more sophisticated and has expanded functionality.

“Applying this technique makes it very difficult for network defenders to detect the malicious activity from infected nodes in the enterprise. To prevent various security tools from running, this version of AlienSpy performs various registry key changes,” the security firm said. “Infected systems could end up with botnet malware downloaded through AlienSpy RAT (e.g. Citadel) as it was observed by our security researchers during one of the infections.”

AlienSpy’s additional capabilities include a sandbox detection tool, the detection and disabling of antivirus software, and the use of the Transport Layer Security (TLS) cryptographic protocol to secure its connection to the command and control (C&C) server.

CIP Cyber Staff


CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.
