There is a hacking group that has grown considerably over the past several years. It is called TA505, and researchers believe that this group is behind the notorious Locky Ransomware campaigns and the Dridex banking Trojan. The TA505 group appears to target mainly companies in the finance industry. The group is known to launch attacks all around the globe, including the United States, Canada, Singapore, Greece, Sweden, Georgia and other countries. When malware researchers studied the latest TA505 campaigns, they came across two previously unknown malware families: the SDBBot RAT and the Get2 Trojan downloader.
Collects Data and Delivers a Secondary Payload
Much like most Trojan downloaders, once the Get2 Trojan infiltrates a host, it starts collecting information about the host's hardware and installed software. All the gathered data is then forwarded to the operators' server. This information helps the attackers decide how to continue the operation in the most efficient manner. Once the operators of the Get2 Trojan have made their choice, the threat receives a secondary payload, which is planted on the compromised system shortly afterwards. Malware researchers have tracked three separate campaigns in which the Get2 Trojan downloader was used to deliver second-stage payloads:
- On the 9th of September, the TA505 group launched campaigns targeting financial institutions located in the UAE, Greece, Lithuania, Singapore and other countries.
- On the 20th of September, the hacking group went after victims operating in the finance industry in the United States and Canada.
- On the 7th of October, the attackers concentrated all their efforts on targets in the United States only.
The infection trigger used by the attackers was macro-laced email attachments. The target would receive a compromised Microsoft Excel document attached to an email. In the campaign that took place on the 7th of October, the TA505 group opted instead to host the threatening attachment files on external servers, and the URL links in the email were shortened. If the attackers manage to convince their target to open the corrupted attached file, the Get2 Trojan downloader is given the green light to begin the attack. The Get2 Trojan then waits to receive the second-stage payload, which is meant to be installed on the compromised computer. The Get2 Trojan downloader is known to deploy four different secondary payloads: the SDBBot RAT, the FlawedGrace RAT, the '.snatch file Extension' Ransomware and the FlawedAmmyy RAT.
It is clear that the Get2 Trojan downloader is among the favorite hacking tools of the TA505 group; thus we will likely continue to hear about this threat in the future. Businesses need to start taking cybersecurity more seriously, as there is an ever-increasing number of threats lurking on the Internet.