Technical analysis by malware hunter JAMESWT
GIMP is the latest cybercrime bait used to deliver the RedLine stealer and SectopRAT. The loader not only downloads the installer of the legitimate software, but also the two malware payloads, including the RAT, which gives attackers control of the infected PC.
GIMP, the popular image manipulation tool, is being used by cybercriminals as bait to deliver the RedLine stealer and, probably, SectopRAT. The tool offered to the victim is a program loader. It downloads the installer of the legitimate software, but in parallel it also performs a hidden download of the RedLine stealer and of a second piece of malware which, according to Intezer's detection, is SectopRAT. As a result, the victim is unaware of the infection, since GIMP itself really has been downloaded. The Remote Access Trojan is particularly insidious, as it grants remote attackers full access to, and control of, the infected machine.