"Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT"

RomCom Remote Access Trojan (RAT) operators are expanding their campaigns by using rogue versions of software such as SolarWinds Network Performance Monitor, the KeePass password manager, and PDF Reader Pro. The operation's targets include victims in Ukraine and select English-speaking countries such as the UK. Considering the geography of the targets and the current geopolitical situation, the BlackBerry Threat Research and Intelligence Team believes the RomCom RAT threat actor is unlikely to be motivated by cybercrime. The latest findings follow the Canadian cybersecurity firm's disclosure of a spear-phishing campaign aimed at Ukrainian entities in order to install RomCom RAT. To distribute the implant, the unknown threat actor has also been observed using trojanized variants of Advanced IP Scanner and pdfFiller as droppers. The most recent iteration of the campaign involves creating decoy lookalike websites with similar domain names, then uploading a malware-laced installer bundle of the rogue software and sending phishing emails to targeted victims. This article continues to discuss the operators of RomCom RAT using rogue versions of SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro.

THN reports "Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT"
