Java RAT attacking users in UAE and UK

Individuals being targeted by Java Trojan that can take over PCs

Tags: Symantec Corporation
  • E-Mail
Java RAT attacking users in UAE and UK Symantec is warning of Java Remote Access Trojan attack that can take over a user's PC.
By  Mark Sutton Published  March 4, 2014

Symantec is warning of a Java attack that appears to be mainly targeting users in the UAE and UK.

The Java remote access Trojan (JRAT) is being sent to users in a spam campaign, as an attachment to an email that claims the Trojan is a payment certificate.

If the attachment is opened, the JRAT will infect the computer, potentially giving attacks full control over the infected device.

The security company said that while this particular JRAT is nto new, it appears to have been customised for the campaign, and the attacks appear to be targeting specific individuals.

The JRAT seems to be aimed at individuals, Symantec said, due to the low number of victims, a unique dropper, one command-and-control (C&C) server and the fact that the majority of these spam messages were sent to personal email addresses.

The malicious email attachment, which has the file name Paymentcert.jar, is detected as Trojan.Maljava. If the Trojan is executed, it will drop JRAT, detected as Backdoor.Jeetrat, on the compromised computer. The RAT not only affects Windows PCs, but also Linux, Mac OSX, FreeBSD, OpenBSD, and Solaris computers. This RAT is not new, as we have seen it in previous targeted attacks. JRAT's builder, as seen in the following image, shows just how easy it is for an attacker to create their own customized RAT.

Symantec is advising users not to open attachments on unsolicited or suspicious emails.

ACN is still looking for your input to our 2014 Security Behaviour Survey. Click the link to complete the survey and enter the draw to win an iPad Air.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code