RuRAT is a legitimate software application that provides users with remote access to the machines it is installed on. Unfortunately, like most remote access tools, it is also being abused by cybercriminals to gain illegitimate access to victims' devices. Once successfully deployed on a targeted computer, RuRAT gives the attackers full control over it. Depending on their specific goals, the threat actors can try to harvest account credentials or other data, or use the compromised device as a foothold from which to spread laterally inside the network.

Cybercriminals Posing as VC Firm

The threatening campaign deploying RuRAT shows considerable effort on the part of the attackers and appears to target an extremely limited number of victims, an approach known as spear-phishing. In the initial phase of the campaign, the attackers send a bait email to the chosen target. In the message, the hackers claim to be a group of venture capitalists who want to make a significant investment. To get further details, the potential victim is told to either call the hackers by phone or contact them through the Vuxner chat application.

Bait Website

Searching for the Vuxner chat leads to a professionally designed, legitimate-looking website for a messaging application that advertises itself as having next-level security measures. However, this carefully crafted facade crumbles rather quickly upon attempting to download the so-called Vuxner chat: the Vuxner.exe file actually downloads a messaging application named Trillian. This application serves as a decoy, and during its installation the RuRAT application is dropped onto the victim's system in the folder C:\swrbldin. Curiously enough, the cybercriminals have left in place the warning prompt, triggered during the RuRAT installation, that asks users to agree to the installation of the remote access software 'Remote Utilities'.
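The infection chain above leaves a few concrete artifacts a defender can look for in endpoint telemetry: the Vuxner.exe downloader, a Trillian installer spawned from it, and a process running out of the C:\swrbldin drop folder with a 'Remote Utilities' description. The following script is an added example and not code from the article; it scans process-creation events for those artifacts. The JSON-lines log format, the field names (ts, event, image, parent, description) and the sample events, including the file name host.exe inside the drop folder, are constructed for illustration and are not real telemetry.

```python
r"""Detection helper for the RuRAT / Vuxner infection chain.

Added example, not part of the original article. It scans process-creation
events (constructed here as JSON lines, loosely modelled on the fields an EDR
or Sysmon export would carry) for the artifacts the article names: the
swrbldin drop folder under C:, the Vuxner.exe downloader, and a process
describing itself as 'Remote Utilities' that was spawned from that chain.
"""
from __future__ import annotations

import json

# Artifacts named in the article (compared case-insensitively).
DROP_FOLDER = r"c:\swrbldin"
DOWNLOADER_NAME = "vuxner.exe"
RAT_PRODUCT_NAME = "remote utilities"

# Constructed sample telemetry (hypothetical format and values, not real data).
SAMPLE_LOG = r'''
{"ts": "2024-01-01T10:00:01Z", "event": "ProcessCreate", "image": "C:\\Users\\alice\\Downloads\\Vuxner.exe", "parent": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "description": "Vuxner Chat Setup"}
{"ts": "2024-01-01T10:00:05Z", "event": "ProcessCreate", "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\trillian-setup.exe", "parent": "C:\\Users\\alice\\Downloads\\Vuxner.exe", "description": "Trillian"}
{"ts": "2024-01-01T10:00:09Z", "event": "ProcessCreate", "image": "C:/swrbldin/host.exe", "parent": "C:\\Users\\alice\\Downloads\\Vuxner.exe", "description": "Remote Utilities - Host"}
{"ts": "2024-01-01T10:01:00Z", "event": "ProcessCreate", "image": "C:\\Windows\\System32\\notepad.exe", "parent": "C:\\Windows\\explorer.exe", "description": "Notepad"}
'''


def normalize_path(path: str) -> str:
    """Lower-case and use backslashes so C:/swrbldin and c:\SWRBLDIN compare equal."""
    return path.replace("/", "\\").lower()


def basename(path: str) -> str:
    """Return the final path component of a normalized Windows path."""
    return normalize_path(path).rsplit("\\", 1)[-1]


def analyze_event(ev: dict) -> list[str]:
    """Return the list of reasons this process-creation event looks like the RuRAT chain."""
    reasons: list[str] = []
    image = normalize_path(ev.get("image", ""))
    parent = normalize_path(ev.get("parent", ""))
    description = ev.get("description", "").lower()

    # Anything executing from the drop folder the article identifies.
    if image.startswith(DROP_FOLDER + "\\"):
        reasons.append("process image under RuRAT drop folder C:\\swrbldin")
    # The downloader itself, and anything it launches (Trillian decoy, RAT installer).
    if basename(image) == DOWNLOADER_NAME:
        reasons.append("Vuxner.exe downloader executed")
    if basename(parent) == DOWNLOADER_NAME:
        reasons.append("process spawned by Vuxner.exe")
    # Remote Utilities is legitimate on its own; only flag it inside the Vuxner chain.
    if RAT_PRODUCT_NAME in description and basename(parent) == DOWNLOADER_NAME:
        reasons.append("Remote Utilities installer launched from Vuxner.exe chain")
    return reasons


def scan_log(text: str) -> list[tuple[str, list[str]]]:
    """Scan JSON-lines telemetry and return (timestamp, reasons) for each suspicious event."""
    hits: list[tuple[str, list[str]]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the whole scan
        reasons = analyze_event(ev)
        if reasons:
            hits.append((ev.get("ts", "?"), reasons))
    return hits


if __name__ == "__main__":
    for ts, reasons in scan_log(SAMPLE_LOG):
        print(ts, "->", "; ".join(reasons))
```

The Remote Utilities check is deliberately tied to the Vuxner.exe parent so that an organisation's own legitimate Remote Utilities deployments are not flagged; on its own, the product name is not an indicator of compromise.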

The RuRAT threatening campaign once again showcases the dangers of blindly trusting email messages from unfamiliar senders, or from parties with little reputable presence on the Internet. Users and companies alike should always exercise caution when dealing with unsolicited offers or seemingly urgent warnings that arrive by email.
