VERY IMPORTANT

The Morphisec Labs team has tracked a unique and ongoing RAT delivery campaign that started in February of this year. This campaign is unique in that it heavily uses the AutoHotKey scripting language-a fork of the AutoIt language that is frequently used for testing purposes. Starting in February, Morphisec Labs identified at least four versions of the RAT delivery campaign, each of which includes multiple advancements and adaptations over the past three months. This blog post dives into the details of each attack chain, while highlighting interesting and rare techniques that the attackers use.