Sophisticated new ResolverRAT malware targeting healthcare and pharmaceutical sectors
A new remote access trojan called ResolverRAT has emerged, targeting the healthcare and pharmaceutical sectors globally through sophisticated phishing campaigns. Discovered by Morphisec Labs, the malware employs advanced techniques such as in-memory execution, DLL side-loading, and complex obfuscation to evade detection. ResolverRAT is distributed via localized phishing emails themed around legal or copyright violations, and it uses a unique loader and payload architecture. Its capabilities include data exfiltration, certificate-based authentication, and IP rotation for C2 communication. Its advanced design, including encryption, compression, and multiple persistence methods, suggests the involvement of a highly skilled threat actor. While the campaign's perpetrators remain unidentified, there are potential links to actors behind similar attacks.