NetWire RAT Makes a Comeback

The NJCCIC recently detected attempts to install the NetWire remote access trojan (RAT) onto State systems. NetWire has been around since 2012 and in 2016 a new version was observed stealing payment card data from infected networks. The trojan spreads via phishing emails containing malicious attachments and has been used to target financial and healthcare organizations. While there is often a focus on the newest malware variants, this is an example of how a years-old trojan could still successfully enter your network and steal sensitive financial information. The NJCCIC recommends users and administrators review the NJCCIC threat profile on NetWire and ensure they are running a reputable and up-to-date anti-virus/anti-malware program to protect them against known threats.

AlertNJCCICRemote Access, trojan