7.Locks HexConnections

Threat actors have been leveraging polyglot and malicious Java archive files to distribute the StrRAT and Ratty remote access trojans to evade detection by security solutions, The Hacker News reports.

Deep Instinct researchers discovered that the StrRAT payload has been deployed in a campaign leveraging both JAR and MSI file formats, indicating potential execution via Windows and Java Runtime Environments.


Meanwhile, a separate campaign involved the deployment of StrRAT and Ratty using the CAB and JAR polyglots, with URL shortening services rebrand.ly and cutt.ly leveraged to spread the artifacts, according to the report.