{
	"id": "62f45ad3-6e6c-4225-8687-2c40e20ef61d",
	"created_at": "2026-04-06T00:16:33.759037Z",
	"updated_at": "2026-04-10T03:21:42.016355Z",
	"deleted_at": null,
	"sha1_hash": "8517ee4f5a94bf1835d0c9ee3b96bb4383988394",
	"title": "Hackers Using New Evasive Technique to Deliver AsyncRAT Malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 578413,
	"plain_text": "Hackers Using New Evasive Technique to Deliver AsyncRAT\r\nMalware\r\nBy The Hacker News\r\nPublished: 2022-01-27 · Archived: 2026-04-02 11:51:25 UTC\r\nA new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware\r\ncampaign that's believed to have commenced in September 2021.\r\n\"Through a simple email phishing tactic with an HTML attachment, threat attackers are delivering AsyncRAT (a\r\nremote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted\r\nconnection,\" Michael Dereviashkin, security researcher at enterprise breach prevention firm Morphisec, said in a\r\nreport.\r\nThe intrusions commence with an email message containing an HTML attachment that's disguised as an order\r\nconfirmation receipt (e.g., Receipt-\u003cdigits\u003e.html). Opening the decoy file redirects the message recipient to a web\r\npage prompting the user to save an ISO file.\r\nBut unlike other attacks that route the victim to a phishing domain set up explicitly for downloading the next-stage\r\nmalware, the latest RAT campaign cleverly uses JavaScript to locally create the ISO file from a Base64-encoded\r\nhttps://thehackernews.com/2022/01/hackers-using-new-evasive-technique-to.html\r\nPage 1 of 3\n\nstring and mimic the download process.\r\n\"The ISO download is not generated from a remote server but from within the victim's browser by a JavaScript\r\ncode that's embedded inside the HTML receipt file,\" Dereviashkin explained.\r\nWhen the victim opens the ISO file, it is automatically mounted as a DVD Drive on the Windows host and\r\nincludes either a .BAT or a .VBS file, which continues the infection chain to retrieve a next-stage component via a\r\nPowerShell command execution.\r\nThis results in the execution of a .NET module in-memory that subsequently acts as a dropper for three files —\r\none acting as a trigger for the next — to finally deliver AsyncRAT as the 
final payload, while also checking for\r\nantivirus software and setting up Windows Defender exclusions.\r\nRATs such as AsyncRAT are typically used to forge a remote link between a threat actor and a victim device, steal\r\ninformation, and conduct surveillance through microphones and cameras. They provide an array of advanced\r\ncapabilities that give the attackers the ability to fully monitor and control the compromised machines.\r\nMorphisec also pointed out the campaign's advanced tactics, which it said allowed the malware to slip\r\nthrough virtually undetected by most antimalware engines despite the operation being in effect for close to five\r\nmonths.\r\nSource: https://thehackernews.com/2022/01/hackers-using-new-evasive-technique-to.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://thehackernews.com/2022/01/hackers-using-new-evasive-technique-to.html"
	],
	"report_names": [
		"hackers-using-new-evasive-technique-to.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434593,
	"ts_updated_at": 1775791302,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8517ee4f5a94bf1835d0c9ee3b96bb4383988394.pdf",
		"text": "https://archive.orkl.eu/8517ee4f5a94bf1835d0c9ee3b96bb4383988394.txt",
		"img": "https://archive.orkl.eu/8517ee4f5a94bf1835d0c9ee3b96bb4383988394.jpg"
	}
}