A recently discovered malware dropper has the ability to use nearly a dozen decoy document file formats to drop various payloads, Palo Alto Networks security researchers warn. Dubbed CARROTBAT, the customized dropper is being used to deliver lures primarily pertaining to the Korean region, revolving around subjects such as crypto-currencies, crypto-currency exchanges, and political events.
To date, Palo Alto Networks identified 29 unique CARROTBAT samples, containing a total of 12 confirmed unique decoy documents. The dropper first emerged in March 2018, but most of its activity was observed over the past three months.
Read more about the CARROTBAT malware dropper on SecurityWeek.