VERY IMPORTANT

EITest: HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware Brad Duncan By Brad Duncan September 1, 2017 at 5:00 AM Category: Unit 42 Tags: EITest, HoeflerText, malware, RAT 15 (0) The attackers behind the EITest campaign have occasionally implemented a social engineering scheme using fake HoeflerText popups to distribute malware targeting users of Google’s Chrome browser. In recent months, the malware used in the EITest campaign has been ransomware such as Spora and Mole. However, by late August 2017, this campaign began pushing a different type of malware. Recent samples are shown to infect Windows hosts with the NetSupport Manager remote access tool (RAT). This is significant, because it indicates a potential shift in the motives of this adversary. Today’s blog reviews recent activity from these EITest HoeflerText popups on August 30, 2017 to discover more about this recent change.