The novel Nerbian Trojan, discovered by Proofpoint, is a complex remote access trojan (RAT). It is spreading via malicious email campaigns that use COVID-19 lures and has several capabilities designed to evade analysis and detection by security researchers.
What is new about Nerbian RAT?
According to a Proofpoint blog post published Wednesday, the new malware, dubbed Nerbian RAT, is written in Go (Golang), a cross-platform, OS-agnostic programming language, and “utilizes considerable anti-analysis and anti-reversing features.” Because the Nerbian RAT is written in Go, it can potentially infect both Windows and Linux machines.
Why is it called Nerbian?
According to Proofpoint researchers, the name is based on a named function in the malware code and appears to be taken from “Nerbia,” a fictional town from the Don Quixote novel.
When was Nerbian RAT discovered?
The RAT was initially discovered on April 26 in a low-volume email campaign sent to a variety of industries, primarily affecting firms in Italy, Spain, and the United Kingdom, according to Proofpoint experts.
Researchers stated that the emails purported to be from the World Health Organization (WHO) and included critical information on COVID-19. Researchers pointed out these emails are similar to previous phishing efforts that circulated in the early days of the COVID-19 pandemic in 2020.
How does the Nerbian RAT work?
The operators of Nerbian RAT impersonate the World Health Organization (WHO) to send out fraudulent notifications about COVID-19 self-isolation measures for infected individuals. The spam campaign’s emails carry a Microsoft Word document containing macros.
After the “UpdateUAV.exe” file has been downloaded, the Nerbian RAT performs a range of tasks, including recording keystrokes, taking screenshots and handling SSL connections.
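The delivery chain described above starts with a macro-bearing Word document attached to an email from an unverified sender. The following Python is an added example of a mail-gateway triage check for that first stage; it is not Proofpoint's code and is not taken from the campaign itself. It relies on the fact that macro-enabled OOXML documents store their VBA code in a `word/vbaProject.bin` part inside the zip container; the sample attachments, the `triage_attachment` function and the verdict names are constructed for this example.

```python
import io
import zipfile

# Constructed sample attachments, built in memory so the example runs offline.
def build_docx(with_macros: bool) -> bytes:
    """Build a minimal OOXML-style zip. When with_macros is True, include the
    word/vbaProject.bin part that macro-enabled Word documents carry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes, not a real VBA project (constructed).
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


def has_vba_project(data: bytes) -> bool:
    """Return True if the attachment is an OOXML zip containing a VBA project part."""
    if not data.startswith(b"PK"):
        # Not a zip container. Legacy OLE2 .doc files would need a separate
        # OLE stream check, which this example does not implement.
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = {name.lower() for name in zf.namelist()}
    except zipfile.BadZipFile:
        return False
    return any(name.endswith("vbaproject.bin") for name in names)


def triage_attachment(filename: str, data: bytes, sender_verified: bool):
    """Hypothetical gateway policy: return (verdict, reasons) for one attachment.

    Macros from an unverified sender are quarantined outright; macros from a
    verified sender are held for human review; everything else is allowed.
    """
    reasons = []
    if has_vba_project(data):
        reasons.append("contains VBA macro project")
    if filename.lower().endswith((".docm", ".dotm")):
        reasons.append("macro-enabled extension")
    if not sender_verified:
        reasons.append("sender not verified")

    macros_present = any(r.startswith(("contains", "macro-enabled")) for r in reasons)
    if macros_present and not sender_verified:
        return "quarantine", reasons
    if macros_present:
        return "review", reasons
    return "allow", reasons


if __name__ == "__main__":
    # Constructed messages: a macro-laden lure versus a plain document.
    for name, data, verified in [
        ("who_covid19_notice.docm", build_docx(True), False),
        ("quarterly_report.docx", build_docx(False), True),
    ]:
        verdict, why = triage_attachment(name, data, verified)
        print(f"{name}: {verdict} ({', '.join(why) or 'no findings'})")
```

The check keys on the presence of the VBA part rather than on the file extension alone, because an attacker can rename a macro-enabled file; the extension check is kept only as a secondary signal. Scanning the container also does not execute anything, so it is safe to run inline at the gateway.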
What can users do?
Users can take the usual cybersecurity precautions to avoid being affected by the Nerbian RAT. These include never downloading email attachments from unverified senders and keeping their security and privacy settings up to date. This is the best way to protect your business-critical infrastructure and