Healthcare Orgs Targeted with Malware Campaign Distributing Stealthy New RAT

HIPAA Journal has published an article warning of a new malware campaign targeting healthcare and pharmaceutical organizations, involving a stealthy remote access trojan called ResolverRAT. Delivered through phishing emails disguised as legal notices, the malware uses dynamic-link library (DLL) side-loading and runs entirely in memory, evading traditional antivirus and endpoint protection tools.

Discovered by Morphisec researchers, ResolverRAT uses advanced evasion techniques, such as custom certificate validation, obfuscated IP rotation, and file-splitting during exfiltration. It also establishes persistence by modifying multiple registry keys and hiding in common system folders.

The campaign is attributed to a highly sophisticated threat actor, though their identity remains unknown. Experts recommend strong privilege management, behavior-based detection, memory activity audits, and ongoing phishing awareness training to mitigate the threat. As Netwrix’s Dirk Schrader notes, limiting admin rights is a key step in preventing malicious installations. For more information, refer to the HIPAA Journal article.