NetWire

In news: NetWire was in news with respect Elgar Parishad case accused Rona Wilson(installation of the NetWire remote access Trojan (“RAT”) on Wilson’s computer)

About the NetWire

• It is a remote access Trojan focused on password stealing and keylogging, as well as including remote control capabilities.
• It  has been used by malicious groups since 2012 and distributed through various social engineering campaigns (malspam)
• This multi-platform malware has since undergone several upgrades and was identified in different types of attacks that range from Nigerian scammers to advanced persistent threat (APT) attacks.
• As per the experts, NetWire RAT has been observed during 2020 as one of the most active botnets.
• The threat spreads essentially through COVID-19 themed attacks
• This malware was one of the malware families most exploited in COVID-19 phishing campaigns between February and April 2020.

How does it work?

• Nowadays, NetWire is often launched via social engineering campaigns or as a later payload of another malware chain. 
• Criminals send emails with malicious files attached to a wide number of users and expect at least someone to open the infected file. 
• Once a victim clicks on it, the malware file is downloaded onto the victim’s computer. 
• The shared files often used by crooks are PDF, Word and IMG files
• As a result, after clicking on the shared URL, the next stage is downloaded onto the victim’s computer
• After being executed on the victim’s side, several anti-analysis techniques to protect it from being analyzed are executed. 
• It dynamically extracts the malicious code into the memory and executes it in order to bypass Antivirus detection.