VCURMS and STRRAT Trojans Using AWS and GitHub as Launchpads

Summary: A sophisticated phishing campaign is targeting personnel, enticing them to click on a seemingly innocuous button to authenticate payment details. However, this action initiates the download of a harmful JAR file from Amazon Web Services (AWS) onto the victim's device. This malicious file serves as a gateway for installing a Java downloader, with the intent of distributing VCURMS and STRRAT remote access trojans (RATs). Threat Level - Amber | Attack Report For a detailed threat advisory, download the pdf file here To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.