Friday, April 19, 2024

Beware !! Hackers Deliver FlawedAmmyy RAT via Weaponized Microsoft Word and PDF Documents

Cybercriminals spreading powerful FlawedAmmyy RAT via Weaponized Microsoft Word and PDF Attachments to spy victims device and steal the sensitive information Remotely.

Hackers always lookout for legitimate programs or application to evade detection and to execute code with minimal user interaction.

Matt Nelson from SpecterOps recently published research on how attackers could abuse “.SettingContent-ms” file formats to run arbitrary commands on the latest version of windows.

Bad Actors Adopted  – FlawedAmmyy RAT

The SettingContent-ms file introduced in Windows 10, it is an XML document used to create shortcuts to various Windows 10 setting pages. Proofpoint researchers observed TA505 hacking group using this new technique to spread FlawedAmmyy RAT.

Threat actors embed the SettingContent-ms file inside the Microsoft Word and PDF documents. “The interesting aspect of this file is the <DeepLink> element in the schema. This element takes any binary with parameters and executes it.”

So if the users open a PDF file attachment with an embedded SettingContent-ms file, then windows would automatically run SettingContent-ms file and the PowerShell command contained within the “DeepLink” which leads to download and execute the FlawedAmmyy RAT.

The FlawedAmmy RAT functions
Remote Desktop control
File system manager
Proxy support
Audio Chat

Researchers observed the campaign first on June 18 and later on July 16 a large campaign with hundreds of thousands of messages attempting to deliver PDF attachments with an embedded SettingContent-ms file.

“TA505 acting as an early adopter, adapting the abuse of SettingContent-ms files to a PDF-based attack delivered at significant scale. We will continue to monitor ways in which threat actors use this approach in the weeks to come.” Proofpoint researchers said.

To best way to defend this attack is to block.SettingContent-ms, with the Microsoft recent update on the list of dangerous files to block within Office 365 documents, “.SettingContent-ms” file has been added.

Also Read:

Beware of FlawedAmmyy-RAT that Steals Credentials and Record Audio Chat

Beware!! Google Map Vulnerability Allows an Attacker to Redirect Victims into Malicious Websites

Powerful APT Malware “Slingshot” Performs Highly Sophisticated Cyber Attack to Compromise Router


Latest articles

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...

Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity.This groundbreaking...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles