Quote:Security researchers have discovered an ongoing phishing campaign distributing a new remote access trojan (RAT) and actively targeting commercial banking customers with keyloggers and information stealers.
 
The new malware, dubbed WSH Remote Access Tool (RAT) by its creator, is a variant of the VBS (Visual Basic Script) based Houdini Worm (H-Worm) first created and spread in 2013.
 
Besides being ported to JavaScript and using a different User-Agent string and delimiter character when communicating with its command-and-control (C2) server, WSH RAT is basically identical to H-Worm.

"WSH is likely a reference to the legitimate Windows Script Host, which is an application used to execute scripts on Windows machines," according to Cofense's research team, the ones which discovered the new RAT.