Active since 2014, and having gone unnoticed for over three years, the Konni RAT (remote access Trojan) is back in action, according to the latest warning from the US Cybersecurity and Infrastructure Security Agency (CISA).
The latest wave of phishing attacks was found to be delivering the Konni RAT in August 2020.
The malware can now log keystrokes, capture screenshots, steal files, collect information about the infected system, and steal credentials from major browsers.
The phishing messages used weaponized Microsoft Word documents with malicious Visual Basic for Applications (VBA) macro code to deploy the KONNI malware.
The malicious code can change the font color from light grey to black to trick the victim into activating content, check whether the Windows OS is a 32-bit or 64-bit version, and run commands to download additional files.
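For defenders triaging macro source already extracted from a suspect document, the following added example (not code from CISA or from the malware) flags the combination of macro behaviours listed above. The regex patterns, the scoring threshold, and both sample macros are assumptions constructed for illustration.

```python
import re

# Heuristic patterns (assumptions, not taken from the CISA alert): common VBA
# constructs that could implement each macro behaviour the article lists.
BEHAVIOURS = {
    "font_color_change": re.compile(r"\.Font\.(Color|ColorIndex)\b[^=\n]*=", re.I),
    "os_bitness_check": re.compile(
        r"#If\s+Win64|PROCESSOR_ARCHITECTURE|Program\s?Files\s?\(x86\)", re.I),
    "command_execution": re.compile(r"\bShell\b|URLDownloadToFile", re.I),
}
AUTO_RUN = re.compile(r"\b(Auto_?Open|Document_Open|AutoExec)\b", re.I)


def strip_comments(source):
    """Drop VBA comment lines so commented-out code does not raise the score."""
    kept = []
    for line in source.splitlines():
        stripped = line.strip().lower()
        if stripped.startswith("'") or stripped.startswith("rem "):
            continue
        kept.append(line)
    return "\n".join(kept)


def triage_macro(source):
    """Return the behaviours found and whether the macro needs analyst review."""
    code = strip_comments(source)
    hits = sorted(name for name, rx in BEHAVIOURS.items() if rx.search(code))
    auto = bool(AUTO_RUN.search(code))
    # Flag only the combination: an auto-run entry point plus two or more behaviours.
    return {"behaviours": hits, "auto_run": auto,
            "suspicious": auto and len(hits) >= 2}


# Constructed samples; the command string is a placeholder, not real malware.
SUSPECT = '''
Sub Document_Open()
    ActiveDocument.Content.Font.Color = wdColorBlack
    If Len(Environ("ProgramFiles(x86)")) > 0 Then arch = "64" Else arch = "32"
    Shell "cmd /c <placeholder-command> " & arch, vbHide
End Sub
'''
BENIGN = '''
Sub FormatHeading()
    ' Shell "cmd /c old test"
    Selection.Font.Color = wdColorBlue
End Sub
'''
```

A single indicator such as a font color assignment is common in legitimate macros, which is why the sketch only flags the combination with an auto-run entry point.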