Hackers Deliver AsyncRAT Through Weaponized WSF Script Files


The AsyncRAT malware, which was previously distributed through files with the .chm extension, is now being disseminated via WSF script format. The WSF file was found to be disseminated in a compressed file (.zip) format through URLs included in emails.

AsyncRAT spreads through a variety of strategies and tactics. Malspam and phishing efforts, which mimic legitimate messages like DHL shipment updates with malicious file attachments, are the most prevalent infection vectors.

Threat actors are still creating and using cutting-edge and unique ways to spread AsyncRAT, such as “fileless” injection, which loads the main AsyncRAT binary into memory and runs it without requiring the target system to have a file installed.

How is the AsyncRAT Disseminated via WSF Script?

The AhnLab Security Emergency Response Center (ASEC) reports that the downloaded zip file is decompressed to produce a file with the .wsf file extension. 

This file just has one