Malicious Python payloads and TryCloudflare tunnels have been used to deliver the AsyncRAT trojan as part of a new malware campaign, according to The Hacker News. The attacks begin with phishing emails carrying a Dropbox link that downloads a ZIP archive; the archive contains an internet shortcut file with a TryCloudflare URL that fetches an LNK file for further compromise, a report from Forcepoint X-Labs showed. That LNK file leads to PowerShell execution of JavaScript code, eventually resulting in the download of another ZIP archive with a Python payload for running AsyncRAT and other payloads. The campaign, which resembles previous attacks spreading AsyncRAT, Venom RAT, Remcos RAT, and XWorm, among others, "has again shown how hackers can use legitimate infrastructures like Dropbox URLs and TryCloudflare to their advantage. Payloads are downloaded through Dropbox URLs and temporary TryCloudflare tunnel infrastructure, thereby tricking recipients into believing their legitimacy," said researcher Jyotika Singh.
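For defenders, the first stage described above (a ZIP archive carrying an internet shortcut that points at a TryCloudflare host) can be checked at a mail or download gateway. The following is an added example, not code from the Forcepoint report or from this article; the function names, the 64 KB size limit and the sample archive, including the host `example-tunnel.trycloudflare.com`, are constructed for illustration.

```python
import configparser
import io
import zipfile
from urllib.parse import urlsplit

TUNNEL_SUFFIX = ".trycloudflare.com"  # tunnel domain named in the report


def shortcut_target(data: bytes):
    """Return the URL= value of an Internet Shortcut (.url) file, or None."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True)
    try:
        parser.read_string(data.decode("utf-8-sig", errors="replace"))
    except configparser.Error:
        return None  # not INI-shaped, so not a usable shortcut
    for section in parser.sections():
        if section.lower() == "internetshortcut":
            return (parser.get(section, "url", fallback=None) or "").strip() or None
    return None


def is_tunnel_host(url: str) -> bool:
    """True if any component of the URL's authority is a TryCloudflare host."""
    try:
        netloc = urlsplit(url).netloc.lower()
    except ValueError:
        return False
    # The authority may carry userinfo or a port; test each component.
    parts = netloc.replace("@", " ").replace(":", " ").split()
    return any(p.endswith(TUNNEL_SUFFIX) for p in parts)


def scan_zip(blob: bytes):
    """Return [(member, url)] for .url members that point at a tunnel host."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".url") and info.file_size < 65536:
                url = shortcut_target(zf.read(info))
                if url and is_tunnel_host(url):
                    hits.append((info.filename, url))
    return hits


def build_sample() -> bytes:
    """Constructed sample archive: one flagged shortcut, two benign members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.url", "[InternetShortcut]\r\nURL=https://example-tunnel.trycloudflare.com/doc.lnk\r\n")
        zf.writestr("readme.url", "[InternetShortcut]\r\nURL=https://example.com/\r\n")
        zf.writestr("notes.txt", "trycloudflare.com mentioned in plain text")
    return buf.getvalue()
```

Calling `scan_zip(build_sample())` flags only `invoice.url`; a hit is a triage signal rather than a verdict, since TryCloudflare tunnels also have legitimate uses.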