Friday, April 19, 2024

Hackers Launching New Muncy Malware as .EXE File Worldwide via DHL Phishing Campaign

By Balaji

Cyber Criminals now distributing new dubbed Muncy malware as a EXE file format via DHL phishing campaigns to target the users around the world.

DHL phishing is one of the widely distributing campaigns that delivers that various sophisticated malware in recent past via malspam emails.

Threat actors are leveraging the poorly configured SMTP servers and email spoofing techniques to distributing the DHL phishing campaign that looks like a legitimate one.

DHL is a globally well-known and trusted logistics company that providing
international courier, parcel, and express mail services and the reputation abused by cybercriminals in order to deliver the powerful malware.

Malicious actors using Email spoofing technique in currently distributed phishing email campaign where the email pretending that it comes from DHL express.

Distributed malspam Email contained a malicious attachment that posed as PDF and the extracted files format is .exe.

Initial wave observed was on February 12th, 2019 by Segurança Informática (SI) Lab and the further analysis revealed that SMTP servers with bad configurations are a majestic vector to spread malicious campaigns.

Also, the body of the email tricked with embedded PNG image instead of the plain-text message that attached to the following local path in the system C:/Users/Administrator/Desktop/DHL.png .

Muncy Malware Via DHL Phishing

Once the victim open the attachment, it drops the Muncy trojan file on the system and the malware is completely packed.

Later its starts the initial execution process that unpacked to the PE File .data section and scans the entire C:\ drive  in order to find the sensitive files.

MUNCY MALWARE WORK FLOW

“The phishing campaign is trying to impersonate DHL shipment notification and the malware is attached in the email”, Founder and Pentester at CSIRT.UBI, Pedro Tavares who discovered this malware told to GBHackers via email.

“This malware is on the rise and is affecting user’s in-the-wild while stealing sensitive information from their devices.”

The giant DHL has already been informed about the phishing campaign but has not yet issued any public statement. researcher said.

Indicators of Compromise

Hashes

7eb38ece89e903d298d7cf03b3aec69d
4df6d097671e0f12b74e8db080b66519

Also Read:

Google Launches phishingquiz To Test That you Can Identify Phishing Emails

New Phishing Attack Taking Advantages of Vulnerability in Office 365 to Bypass all of Microsoft’s Security

Phishing Email Scams Target American Express Card Users To Steal Sensitive Information

Managed WAF Protection

Website

Latest articles

Uncategorized

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...
Vulnerability

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...
Cyber Attack

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...
Cyber Attack

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...
Android

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...
cyber security

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...
Cisco

Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity.This groundbreaking...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]