09/17/2021 | News release | Distributed by Public on 09/17/2021 06:16
NetWire is a publicly available, multi-platform Remote Access Trojan (RAT) that is designed to attack victims on Windows®, macOS®, and Linux®. This threat has been distributed in phishing campaigns via weaponized Microsoft® documents, PDFs containing download links, and archive files containing payloads. It has been seen for sale on the dark net, typically ranging in price from $40 to $140 USD.
The goal of NetWire is to perform surveillance or take control of the infected system. Once the RAT has compromised a machine, the attacker can execute a variety of remote actions from its command and control (C2) server.
The malware's surveillance abilities include logging keystrokes, capturing screenshots, and stealing passwords, as well as accessing web cameras and microphones.
DEMO VIDEO: BlackBerry vs. NetWire Malware
BlackBerry Cyber Suite and BlackBerry Guard stop these attacks.
BlackBerry customers can feel confident that our AI-driven BlackBerry® Cyber Suite, as well as our Managed Detection & Response (MDR) solution BlackBerry® Guard, are well-equipped to mitigate the risks posed by threat actors:
Prevention First
At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill-chain.
By stopping malware at this stage, BlackBerry® solutions help organizations increase their resilience. They also help to reduce infrastructure complexity and streamline security management, ensuring your business, people and endpoints are secure.
BlackBerry Assistance
The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.
For emergency assistance, please email us at [email protected], or use our handraiser form.
Learn more about NetWire malware in our new deep-dive blog, Threat Thursday: NetWire RAT is Coming Down the Line.
Demo Video Transcription
'In this video, we will demonstrate the root-cause analysis capabilities of BlackBerry Optics, as well as our Temporal Predictive Advantage against an infamous remote administration tool (RAT) called NetWire. We are jumping straight into BlackBerry Optics to deep-dive into the focus data presented by this threat, to better understand how it takes control of the system.
First, upon execution of the initial .exe that could come as an attachment on a phishing email or downloaded from a link on a PDF, NetWire drops the test.exe file, which migrates into this host.exe file. It immediately establishes persistence to make sure it runs again if the user reboots the machine, and then you can see its heavily intensive communication with its Command and Control (C2) server. NetWire can silently log keystrokes, capture screenshots, and steal passwords, as well as accessing web cameras and microphones.
Let's take a look at the BlackBerry predictive prevention, traveling back in time to (an AI model released in) October 2015. Bear in mind that this machine is completely disconnected from the Internet, with no updates in terms of our agent or operating system patches. Now, we will try to execute the original malware sample. As you can see, BlackBerry prevents it from running in milliseconds.
Now let's try with 15 different variants of NetWire, publicly available from this year, 2021. We will try to execute them in sequence to make sure they all try to infect the system. As you can see, our Cylance® AI model is able to convict all these variants. Prevention is Possible, with BlackBerry.'
The BlackBerry Research & Intelligence team examines emerging and persistent threats, providing intelligence analysis for the benefit of defenders and the organizations they serve.