A threat actor tracked as SideCopy, a group of Pakistani origin with overlaps with another actor called Transparent Tribe, is conducting a spear-phishing campaign aimed at deploying the updated version of a backdoor called ReverseRAT.
Recent campaigns have centered on a two-factor authentication solution used by Indian government officials. Once ReverseRAT has established persistence on the host, it collects data, encrypts it with RC4, and sends it to the command-and-control (C2) server.
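Because the exfiltrated data is RC4-encrypted with a symmetric key, an analyst who recovers the key from a sample can decrypt captured C2 traffic with the same routine the implant uses to encrypt it. The following is an added example written for this page; it is not ReverseRAT's code, and the key, the beacon content and the list of candidate keys are constructed here for illustration. It implements textbook RC4 (KSA plus PRGA), checks it against the well-known "Key"/"Plaintext" test vector, and then shows a typical triage step: trying candidate keys pulled from samples against a captured blob and keeping the one that yields plausible plaintext.

```python
"""Added example (not from the page or the malware): RC4 helper for decrypting
RC4-wrapped C2 traffic once a key has been recovered from a sample."""
from typing import Iterator, List, Optional


def rc4_ksa(key: bytes) -> List[int]:
    """Key-scheduling algorithm: permute S under the key."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Pseudo-random generation algorithm: yield keystream bytes forever."""
    S = rc4_ksa(key)
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher: XOR with the keystream both encrypts and decrypts."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


# Constructed sample values (assumptions for this example, not real indicators).
SAMPLE_KEY = b"example-key"
SAMPLE_BEACON = b"host=WKSTN01;user=jdoe;os=Windows 10"


def build_beacon(key: bytes = SAMPLE_KEY, plaintext: bytes = SAMPLE_BEACON) -> bytes:
    """Stand-in for the implant side: encrypt collected data before sending it."""
    return rc4_crypt(key, plaintext)


def decrypt_capture(key: bytes, blob: bytes) -> bytes:
    """Analyst side: decrypt a blob captured on the wire with a recovered key."""
    return rc4_crypt(key, blob)


def recover_key(blob: bytes, candidates: List[bytes],
                marker: bytes = b"host=") -> Optional[bytes]:
    """Try candidate keys (e.g. strings found in samples) against a captured blob.

    Returns the first key whose decryption starts with an expected plaintext
    marker, or None. The marker is an assumption about the beacon format.
    """
    for key in candidates:
        if decrypt_capture(key, blob).startswith(marker):
            return key
    return None


if __name__ == "__main__":
    # Sanity check against the standard RC4 test vector, then a decrypt demo.
    assert rc4_crypt(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"
    captured = build_beacon()
    print("ciphertext:", captured.hex())
    print("key found :", recover_key(captured, [b"wrong", b"also-wrong", SAMPLE_KEY]))
    print("plaintext :", decrypt_capture(SAMPLE_KEY, captured))
```

Two practical caveats follow from the code: RC4 offers no integrity, so a decrypted blob that happens to start with the marker is only a candidate until the rest of it parses; and if the implant reuses one static key with no per-message nonce, the keystream is identical for every beacon, so XORing two captured blobs cancels the keystream and leaks the XOR of the two plaintexts even without the key.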