Attackers target Russian organizations with the new Woody RAT malware

On Wednesday, Hackers attacks Russian organizations with the newly discovered malware, allowing them to take control and steal information from compromised devices remotely.

According to Malwarebytes, one of the Russian organizations which were targeted using this malware is a government-controlled defense corporation.

The Malwarebytes Labs researchers said that on the basis of a fake domain registered by the hackers, they know that they tried to attack a Russian aerospace and defense entity known as OAK.

Dubbed Woody Rat, this remote access trojan (RAT) has a wide range of capabilities. It has been used in attacks for at least a year.

It is currently delivered onto targets’ computers through phishing emails from two distribution methods, ZIP archive files having the malicious payload or Information security memo Microsoft Office documents that exploit the Follina vulnerability to withdraw the payloads.

The researchers further said that the earliest versions of this malware were typically archived into a zip file that pretended to be a document specific to a Russian group.

According to Bleeping Computer, Its list of features involves collecting system information, listing folders and running processes, executing commands and files received from its command-and-control (C2) server, downloading, uploading, and deleting files on infected machines, and taking screenshots.