Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
Researchers have recently identified a new malspam campaign that delivers the Wacatac Trojan. The attackers compress an executable into different types of archive file attachments. If potential victims extract and execute those attachments, they will most likely become infected. The campaign began on August 21, 2020 and was still ongoing as of August 31. The spam emails attract victims' attention by using important banking information as the email subject. Many of them attach a RAR archive file, but the attachment could also be an ACE archive.
On Windows platforms, if the victim opens the attachment, regsvcs.exe will start and, in turn, trigger a process that gathers the user's personal information from the file system. Here's the infection process.
At the same time, it also establishes a communication session between a remote controller (i.e. 220-cpanel-02.wlink.com.np or 250-cpanel-02.wlink.com.np) and the infected device via Extended Simple Mail Transfer Protocol (ESMTP). This connection is supposedly used by the remote controller(s) to take control of the infected device.
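A detection sketch for the behaviour described above, added here as an example and not taken from the Rewterz advisory: it flags network-connection events in which regsvcs.exe talks to a mail port or to one of the hosts named above. The field names follow Sysmon Event ID 3, the port list is an assumption (the advisory names ESMTP but no port), and the sample events are constructed.

```python
import json
import ntpath

# Assumption: common SMTP ports; the advisory names ESMTP but gives no port.
SMTP_PORTS = {25, 465, 587}
# Remote controller names exactly as written in the advisory.
ADVISORY_HOSTS = {"220-cpanel-02.wlink.com.np", "250-cpanel-02.wlink.com.np"}

# Constructed sample: Sysmon Event ID 3 (network connection) records, one JSON object per line.
SAMPLE_EVENTS = r"""{"EventID": 3, "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "DestinationPort": "587", "DestinationHostname": "mail.example.test"}
{"EventID": 3, "Image": "C:\\Program Files\\Mail\\client.exe", "DestinationPort": 587, "DestinationHostname": "mail.example.test"}
{"EventID": 3, "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\regsvcs.exe", "DestinationPort": 443, "DestinationHostname": "250-cpanel-02.wlink.com.np."}
{"EventID": 3, "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\regsvcs.exe", "DestinationPort": 443, "DestinationHostname": "updates.example.test"}
{"EventID": 3, "Image": truncated
"""

def is_suspicious(event):
    """Return a reason string if the event matches the advisory's behaviour, else None."""
    if not isinstance(event, dict) or event.get("EventID") != 3:
        return None
    # ntpath handles Windows separators regardless of the OS running this script.
    if ntpath.basename(str(event.get("Image", ""))).lower() != "regsvcs.exe":
        return None
    host = str(event.get("DestinationHostname") or "").lower().rstrip(".")
    if host in ADVISORY_HOSTS:
        return "advisory-host"
    port = str(event.get("DestinationPort", ""))  # exporters emit int or string
    if port.isdigit() and int(port) in SMTP_PORTS:
        return "smtp-from-regsvcs"
    return None

def scan(text):
    """Return (line_number, reason) for every matching event; skip unparsable lines."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON log line
        reason = is_suspicious(event)
        if reason:
            hits.append((number, reason))
    return hits

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_EVENTS):
        print(f"line {number}: {reason}")
```

regsvcs.exe is a .NET registration utility with no ordinary reason to speak SMTP, so the port-based match is useful even after the specific hosts change.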