"Escanor Malware Delivered in Weaponized Microsoft Office Documents"

Resecurity, a Los Angeles-based cybersecurity firm that protects Fortune 500 companies around the world, has discovered Escanor, a new Remote Administration Tool (RAT) being advertised on the Dark Web and Telegram. The threat actors provide RAT versions for Android and PC, as well as an HVNC module and an exploit builder for weaponizing Microsoft Office and Adobe PDF documents to deliver malicious code. The tool was released for sale on January 26 of this year as a compact HVNC implant capable of establishing a silent remote connection to the victim's computer, and was later transformed into a full-scale commercial RAT with a robust feature set. Escanor has established a credible reputation on the Dark Web, attracting over 28,000 Telegram subscribers. Previously, the actor with the same name released 'cracked' versions of other Dark Web tools such as Venom RAT, 888 RAT, and Pandora HVNC, which were most likely used to enhance Escanor's functionality. Cybercriminals actively use the mobile version of Escanor (also known as "Esca RAT") to attack online banking customers by intercepting OTP codes. To steal data, the tool can collect the victim's GPS coordinates, monitor keystrokes, activate hidden cameras, and browse files on remote mobile devices. This article continues to discuss findings surrounding the Escanor malware.

Help Net Security reports "Escanor Malware Delivered in Weaponized Microsoft Office Documents"

 

Submitted by Anonymous on