COVERT RAT: Phishing Campaign
Essential information
- Published: 16/03/2026 15:29
- Modified: 16/03/2026 18:22
- Tags: 2026-03-16, anti-analysis, argentina, covert rat, judicial-sector, multi-stage infection, phishing, remote access trojan, rust-based malware, spear-phishing
- Related entities: 6 observables, 1 malware, 2 others
Description
A sophisticated multi-stage infection chain targets Argentina's judicial ecosystem using spear-phishing tactics and authentic-looking judicial content. The campaign employs a carefully crafted ZIP archive containing a weaponized LNK shortcut, BAT-based loader script, and judicial-themed PDF decoy. The attack chain leads to the deployment of a Rust-based Remote Access Trojan (RAT) that demonstrates extensive anti-VM, anti-sandbox, and anti-debugging techniques. The RAT establishes a resilient command-and-control channel, supports modular commands for various malicious activities, and implements full lifecycle management. The operation, dubbed 'Operation Covert Access,' aims to secure long-term access within high-trust institutional settings, highlighting the need for improved defenses against socially engineered intrusion chains.