New ResolverRAT malware targets pharma and healthcare orgs worldwide
Published on: 2025-04-30 02:40:23
A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with recent attacks targeting the healthcare and pharmaceutical sectors.
ResolverRAT is distributed through phishing emails that claim to concern legal or copyright violations and are written in the language of the target's country.
The emails contain a link to download a legitimate executable ('hpreader.exe'), which is leveraged to inject ResolverRAT into memory using reflective DLL loading.
The previously undocumented malware was discovered by Morphisec, which noted that the same phishing infrastructure was documented in recent reports by Check Point and Cisco Talos.
However, those reports highlighted the distribution of Rhadamanthys and Lumma stealers, failing to capture the distinct ResolverRAT payload.
ResolverRAT capabilities
ResolverRAT is a stealthy threat that runs entirely in memory, while it also abuses .NET 'ResourceResolve' events to load malicious assemblies
...