07 December 2023

Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis

This week our analysts discovered a new campaign that plays on these concerns by trying to lure Germans with a promise of updates on the current threat situation in Ukraine. Decoy site lures victims with Ukraine situation Threat actors registered an expired German domain name at collaboration-bw[. The website promises important information and tips about the Ukraine crisis RAT (Status.txt)Status.txt is a RAT written in PowerShell. The Malwarebytes Threat Intelligence team continues to monitor attacks taking advantage of the war in Ukraine while ensuring our customers are protected.