New Malware Variant Is Delivered By Email
Office 365 users are being victimized by a new malware variant being sent by email, according to Ironscales and Sandbox.

Bad actors are using a malicious #RTF file to infect machines and trick users into downloading an exe file payload.

The malware was discovered on November 29 by researchers from Ironscales and Sandbox, providers of a phishing threat protection platform.

The attack is a variant of “Formbook,” ready-to-sell malware that can be used by cyber-criminals who lack skill in malware, the researchers say.

The malware is a form-grabber written in C and x86 assembly language, they add.

Microsoft has had to patch the EQNEDT32.EXE process. It might have lost the source code for the process, meaning that it can’t patch against attacks, the firms report.

The malware depends on advanced techniques for lateral movement, stealing an executing thread of the 'explorer.exe' process to execute its own code.

The URL, hxx*ps://f.coka.la/2RTMHs.png, is an EXE file, hidden under the cover of a .PNG file. It is legitimately encrypted, and will bypass regular proxy servers, the result being that the malicious content remains hidden, the researchers report.

Due to delivery advances, the malware cannot be detected by antivirus and is difficult to monitor.

The researchers have not been able to discern a geographic pattern.

VirusTotal

Source: https://www.mediapost.com/publications/a...email.html
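The post describes an EXE payload served under a .png name. As an added example (not from the original post or the researchers), the check below flags a download whose name claims an image while its bytes are a Windows PE executable. It assumes the body is inspected where it is visible in the clear (on the endpoint or at a TLS-inspecting proxy); the function names, URLs and sample bytes are constructed for illustration.

```python
import os
import struct
from urllib.parse import urlsplit

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}

def is_pe(data: bytes) -> bool:
    """DOS 'MZ' header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify(url_or_name: str, data: bytes) -> str:
    """Compare the extension the name claims with what the bytes actually are."""
    path = urlsplit(url_or_name).path or url_or_name
    ext = os.path.splitext(path.lower())[1]
    if is_pe(data):
        return "pe-disguised-as-image" if ext in IMAGE_EXTS else "pe"
    if data.startswith(PNG_MAGIC):
        return "png"
    return "unknown"

def sample_pe() -> bytes:
    """Constructed minimal PE-shaped header (not a working executable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    return bytes(dos) + b"PE\0\0" + bytes(20)  # signature + zeroed COFF header

def sample_png() -> bytes:
    """Constructed PNG signature followed by the start of an IHDR chunk."""
    return PNG_MAGIC + b"\x00\x00\x00\rIHDR"

if __name__ == "__main__":
    # Placeholder URLs on a reserved TLD; bodies are the constructed samples.
    for url, body in [
        ("https://files.example.invalid/pic.png?x=1", sample_pe()),
        ("https://files.example.invalid/logo.png", sample_png()),
        ("https://files.example.invalid/setup.exe", sample_pe()),
    ]:
        print(f"{url} -> {classify(url, body)}")
```
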