A new malware named ‘DarkWatchman’ has emerged in the cybercrime underground, and it’s a lightweight and highly-capable JavaScript RAT (Remote Access Trojan) paired with a C# keylogger.
According to a technical report by researchers at Prevailion, the novel RAT is employed by Russian-speaking actors who target mainly Russian organizations.
The first signs of DarkWatchman’s existence appeared in early November as the threat actor began distributing the malware through phishing emails with malicious ZIP attachments.