Researchers have uncovered a two-year-old cyber-espionage campaign that’s been infecting Ukrainians with either a newly discovered remote access tool called Vermin or the more established Quasar RAT.
An analysis of Vermin, conducted by members of Palo Alto Networks’ Unit 42 threat research team, determined that the reconnaissance malware collects infected victims’ keystrokes and clipboard data, and is also capable of downloading, uploading and deleting files, renaming files and folders, and capturing audio and video.
Palo Alto was tipped off to Vermin by a fellow researcher who tweeted an image of a decoy document that purports to be an official order from the Ukrainian Ministry of Defence. The document was served up by a malicious SFX file (distributed via a phishing campaign) that executes the malware infection when opened.
Upon further investigation, the researchers soon found additional Vermin samples, revealing a larger command-and-control infrastructure that