“Through a simple email phishing tactic with an HTML attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted connection,” according to a report by Michael Dereviashkin, security researcher at enterprise breach prevention firm Morphisec.
The invasions start with an email message that contains an HTML attachment that looks like an order confirmation receipt (for example, Receipt-digits>.html). When the message receiver opens the decoy file, they are directed to a web page where they must save an ISO file.