
MINEBRIDGE RAT

Posted: February 24, 2021

The MINEBRIDGE RAT is malware that targets Windows systems. As a Remote Access Trojan (RAT), its goal is to give remote attackers access to the compromised system, as well as the ability to execute various tasks on it. These capabilities are usually abused to collect confidential data, monitor the victim, or carry out other covert and harmful operations. Cybersecurity experts recently detected a mass email spam campaign spreading the MINEBRIDGE RAT. Their analysis shows that the criminals rely on fake Microsoft Word documents tailored to look like legitimate job resumes. The documents carry malicious macro scripts designed to exploit vulnerabilities in outdated software and deploy the MINEBRIDGE RAT.

The method that MINEBRIDGE RAT uses to gain control over the infected device is notable. The criminals drop an outdated version of the legitimate TeamViewer application. This old version has a known vulnerability that lets an attacker force TeamViewer to load additional DLL files that can modify the program's behavior. Thanks to this, the MINEBRIDGE RAT may run a hidden instance of TeamViewer that grants the attackers control over the infected device.

To gain persistence, MINEBRIDGE RAT creates an LNK file called 'Windows Logon' and drops it in the Windows Startup directory. The name may give users the impression that the file is a legitimate Windows component but, in reality, it is meant to execute the RAT's malicious files.
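A triage sketch for the persistence mechanism described above, added here as an example (it is not code from the original page or from any vendor analysis): it lists shortcuts in Startup folders under a given root, flags the 'Windows Logon' name, and extracts each shortcut's target path from the LinkInfo block of the Shell Link (MS-SHLLINK) format. The function names, the `build_sample_lnk` helper and any sample target path are constructed for illustration.

```python
import struct
from pathlib import Path

SUSPECT_NAME = "windows logon.lnk"  # shortcut name reported on this page
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # Shell Link CLSID

def lnk_local_target(data: bytes):
    """Return the LocalBasePath of a Shell Link (MS-SHLLINK) blob, or None."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        return None                              # not a shortcut, whatever the extension
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & 0x1:                              # HasLinkTargetIDList: skip over it
        if pos + 2 > len(data):
            return None
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & 0x2 or pos + 20 > len(data):  # HasLinkInfo missing or truncated
        return None
    _size, _hdr, info_flags, _vol, base_off = struct.unpack_from("<5I", data, pos)
    end = data.find(b"\x00", pos + base_off)
    if not info_flags & 0x1 or base_off < 0x1C or end == -1:
        return None                              # no VolumeIDAndLocalBasePath data
    return data[pos + base_off:end].decode("cp1252", "replace")

def triage_startup(root):
    """List (file name, target, name_matches) for .lnk files in Startup folders under root."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        in_startup = "startup" in (part.lower() for part in p.parts[:-1])
        if p.is_file() and p.suffix.lower() == ".lnk" and in_startup:
            target = lnk_local_target(p.read_bytes())
            findings.append((p.name, target, p.name.lower() == SUSPECT_NAME))
    return findings

def build_sample_lnk(target: str) -> bytes:
    """Constructed test input: a minimal LNK that carries only a LinkInfo block."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x2).ljust(0x4C, b"\x00")
    volume_id = struct.pack("<4I", 0x11, 3, 0, 0x10) + b"\x00"
    path = target.encode("cp1252") + b"\x00"
    base_off = 0x1C + len(volume_id)
    size = base_off + len(path) + 1
    info = struct.pack("<7I", size, 0x1C, 0x1, 0x1C, base_off, 0, base_off + len(path))
    return header + info + volume_id + path + b"\x00"

if __name__ == "__main__":
    import sys
    for row in triage_startup(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(row)
```

Point it at a user profile or a mounted disk image; a shortcut with a plausible name still deserves review when its target sits outside the usual program directories.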

Users can protect themselves from RATs of this sort by using a regularly updated anti-malware software suite.
