Notice from InfoSec

On January 5, 2022, a new attack campaign was reported that leverages the legitimate Atera RMM software to gain initial access to target machines.

An infection begins with installing Atera software on a target machine. Atera is legitimate enterprise RMM software that can install an agent and assign the endpoint to a particular account with an .msi file that includes the owner’s email address. The attackers did this with a temporary email address, and the downloadable file is disguised as a Java installation — a method seen in earlier Zloader campaigns.

Eisenkraft (a company that we exploited) says the team is unsure how attackers deploy Atera onto victim devices in this campaign; however, in earlier Zloader campaigns, the operators lured victims by playing part of an adult film. After a few seconds, the video stopped and a message would say their Java needed to be updated. They were prompted to download a “Java” installation, which was a trial version of Atera that enabled attackers to send files to the machine and run them, he explains.

After the software is on the machine, the attacker uploads two .bat files to the device and runs them using the “Run Script” function. One is used to modify Windows Defender preferences, and the other is used to load the rest of the malware. In this stage, the scripts add exclusions to Windows Defender and disable tools that could be used for detection and investigation.
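For defenders, the sequence described above (an RMM agent enrolled to an unfamiliar account, followed by Windows Defender tampering on the same host) can be hunted in process-creation logs. The following is an added example, not part of the original notice: the events, hostnames and approved-account list are constructed, and it assumes the owner's email appears as an `IntegratorLogin=` property on the `msiexec` command line.

```python
import re

APPROVED_RMM_ACCOUNTS = {"it-admin@corp.example"}  # assumption: your own RMM owner address

# Constructed process-creation records (host, command line), in time order.
SAMPLE_EVENTS = [
    ("ws-014", r'msiexec.exe /i "C:\Users\a\Downloads\Java.msi" /qn IntegratorLogin=tmp123@mail.example'),
    ("ws-014", r'cmd.exe /c "C:\Windows\Temp\one.bat"'),
    ("ws-014", r'powershell.exe -Command Add-MpPreference -ExclusionPath C:\Users\a\AppData\Roaming'),
    ("ws-014", r'powershell.exe -Command Set-MpPreference -DisableRealtimeMonitoring $true'),
    ("ws-022", r'msiexec.exe /i AteraSetup.msi /qn IntegratorLogin=it-admin@corp.example'),
    ("ws-031", r'powershell.exe -Command Get-MpPreference'),
]

# Assumption: the enrolling account is passed as IntegratorLogin=<email> to msiexec.
ENROLL = re.compile(r'msiexec(?:\.exe)?\b.*?\bIntegratorLogin=([^\s"]+)', re.I)
EXCLUDE = re.compile(r'\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Process|Extension)\b', re.I)
DISABLE = re.compile(r'\bSet-MpPreference\b.*?-Disable\w+\s+(?:\$true|1)\b', re.I)

def classify(cmd):
    """Return the rule names a single command line triggers."""
    hits = []
    m = ENROLL.search(cmd)
    if m and m.group(1).lower() not in APPROVED_RMM_ACCOUNTS:
        hits.append("rmm_enroll_unapproved_account")
    if EXCLUDE.search(cmd):
        hits.append("defender_exclusion_added")
    if DISABLE.search(cmd):
        hits.append("defender_protection_disabled")
    return hits

def triage(events):
    """Per host: hits in order; 'high' when Defender tampering follows an unapproved enrollment."""
    report = {}
    for host, cmd in events:
        hits = classify(cmd)
        if not hits:
            continue
        entry = report.setdefault(host, {"hits": [], "severity": "medium"})
        for h in hits:
            if h.startswith("defender_") and "rmm_enroll_unapproved_account" in entry["hits"]:
                entry["severity"] = "high"
            entry["hits"].append(h)
    return report

if __name__ == "__main__":
    for host, entry in triage(SAMPLE_EVENTS).items():
        print(host, entry["severity"], entry["hits"])
```

Only the host that shows both stages is escalated; an enrollment to an approved account and a read-only `Get-MpPreference` query produce no finding.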
