Abhijit Mohanta has 13+ years of experience in the field of cybersecurity. He is author of books Malware Analysis and Detection Engineering from Springer Apress and Preventing Ransomware from Packt. He has several patents in his name and has been a speaker in well-known conferences like AVAAR and DSCI. He has worked with anti-malware teams at Symantec, McAfee, and Juniper Networks.
The Uptycs threat research team recently came across multiple document samples that download Revenge RAT. The campaign currently seems to be active in Brazil. All of the malware samples we received have the same properties. One of the samples we received has the name “Rooming List Reservas para 3 Familias.docx” (SHA-256: 91611ac2268d9bf7b7cb2e71976c630f6b4bfdbb68774420bf01fd1493ed28c7). The document has only a few detections in VirusTotal.
Uptycs' threat research team identified an XLS document that downloaded a highly vicious payload named Warzone RAT. The payload, also known as “Ave Maria stealer,” can steal credentials and log keystrokes on the victim’s machine. Checkpoint mentioned Warzone early this year when the malware was in its early stage of development.