Tuesday, June 18, 2024

Hackers Trick Users With Data Leak Message to Deploy Malware

Researchers discovered the spread of a malicious exe file that targets specific individuals and is disguised as information related to a personal data leak.

The malware functions as a backdoor, executing obfuscated commands in XML format after receiving them from the threat actor.

Because this malware is focused on specific targets, users should avoid opening attachments in emails from unknown senders.

Malicious exe File Disguised as a Word File

According to the AhnLab Security Emergency Response Center (ASEC), the email was sent under the name of a cyber investigation team, and the malicious exe file was disguised as a Word document.

https://i0.wp.com/asec.ahnlab.com/wp-content/uploads/2023/12/image-31.png?resize=1024%2C619&ssl=1
An email impersonating a cyber investigation team

“When the malicious exe file is executed, the files in the .data section are created into the %Programdata% folder. Out of the created files, all files are obfuscated except for the legitimate doc file”, ASEC said in a report shared with Cyber Security News.

https://i0.wp.com/asec.ahnlab.com/wp-content/uploads/2023/12/image-16.png?resize=1024%2C530&ssl=1
The malicious exe file disguised as a Word file

The generated files are listed below; every one of them is obfuscated except the legitimate doc file:

  • Lomd02.png (Malicious jse script)
  • Operator.jse (Malicious jse script)
  • WindowsHotfixUpdate.jse (Malicious jse script)
  • 20231126_9680259278.doc (Legitimate doc file)
  • WindowsHotfixUpdate.ps1 (Malicious PowerShell script)

Researchers said among the newly generated files is a valid document file called ‘20231126_9680259278.doc’. This was most likely included by the threat actor to trick the user into thinking they had opened a legitimate file.
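A triage check built from the file list above, as an added example that is not from ASEC or the original article: it flags files in a folder whose names match the reported ones, `.png` files that lack a PNG header, and script files sitting in the folder root. The function names and the sample file contents are constructed for illustration.

```python
import tempfile
from pathlib import Path

# File names taken from the list in the article (compared case-insensitively).
REPORTED_NAMES = {
    "lomd02.png": "script with an image extension",
    "operator.jse": "jse script",
    "windowshotfixupdate.jse": "jse script",
    "windowshotfixupdate.ps1": "PowerShell script",
    "20231126_9680259278.doc": "decoy document",
}
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # first eight bytes of every real PNG file
SCRIPT_EXTS = {".jse", ".ps1"}


def triage_dir(root):
    """Return sorted (file name, reason) pairs for files directly under root."""
    findings = set()
    for entry in (p for p in Path(root).iterdir() if p.is_file()):
        name = entry.name.lower()
        if name in REPORTED_NAMES:
            findings.add((entry.name, "name listed in report: " + REPORTED_NAMES[name]))
        if entry.suffix.lower() == ".png":
            with entry.open("rb") as fh:
                if fh.read(len(PNG_MAGIC)) != PNG_MAGIC:
                    findings.add((entry.name, "png extension without PNG header"))
        if entry.suffix.lower() in SCRIPT_EXTS:
            findings.add((entry.name, "script file in folder root"))
    return sorted(findings)


def build_sample(root):
    """Constructed sample data: placeholder contents, not real malware."""
    samples = {
        "Lomd02.png": b"// constructed placeholder text\n",
        "Operator.jse": b"// constructed placeholder text\n",
        "20231126_9680259278.doc": b"constructed decoy\n",
        "logo.png": PNG_MAGIC + b"constructed",
    }
    for name, data in samples.items():
        (Path(root) / name).write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)  # on a real host, pass the %ProgramData% path instead
        for name, reason in triage_dir(tmp):
            print(f"{name}: {reason}")
```

The header check catches a renamed script even when the file name differs from the one in the report.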

Because the C2 was closed in this case, the malware’s ultimate action was not visible; however, researchers say it functions as a backdoor by receiving obfuscated commands from the threat actor and executing them in XML format.

In this scenario, ordinary users cannot tell that their PCs are infected with malware, because the bait file is executed at the same time.

Hence, individuals should avoid opening attachments from emails they receive from unidentified sources since these malicious files are meant to target individual people.

Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
