Carp Downloader

Carp Downloader Description

Malware researchers first spotted the Carp Downloader in 2017. In that campaign, the Carp Trojan downloader was used alongside a threat called the Cardinal RAT (Remote Access Trojan). Experts initially found the Carp Trojan downloader on infiltrated machines belonging to several companies from Israel that operate in the financial industry. Shortly after, researchers noticed that the Cardinal RAT was present on the compromised systems alongside the Carp Trojan downloader.

The 2017 operation was carried out with the help of phishing emails. The targets would receive a corrupted document attached to a specifically tailored email. The emails appeared to contain an important document that needed to be reviewed urgently, such as an invoice or payment details. If the targeted user fell for the attackers’ trickery and opened the corrupted attachment, a macro script would be executed. The goal of this script is to exploit a known vulnerability in Microsoft Office.

So far, in every instance where cybersecurity experts have spotted the Cardinal RAT, the threat appears to have been delivered with the help of the Carp Trojan downloader. However, this does not mean that the Cardinal RAT cannot operate without the Carp threat, as any other Trojan downloader would do the job too.

To avoid falling victim to a threat like the Carp Trojan downloader, do not forget to install a reputable anti-malware application that will keep your data and your system safe.

