Friday, April 12, 2024

SmokeLoader Malware Abusing MS Office Document and Compromise Windows 8 ,10 Users PC

A dangerous malicious campaign SmokeLoader Malware abusing MS office document that spreading via spam Email and targetting windows 8 and above users.

Email medium is mainly used by attackers nowadays which carried out a variety of malware campaign and spreading across the world to infect a large number of users.

SmokeLoader Malware has acted and taken advantage of the infamous bug Meltdown and Spectre which affects almost all the modern processors and pushes Smoke Loader malware as a patch.

In this case, attackers using a different kind of  Email body content to gain more trust from the targeting users and compromise them to believe it as a legitimate one.

Also, attacker injecting shellcode into office document and compromise users to enable the macro which leads to install the malicious code on the victim’s machine.

Also Read: Hacking Group Spies on and Steal Data from Android Users Posing Actress Nude Photos

How does this Smokeloader Malware infect the users

Initially, attacker distributing Spam Email campaign that contains an information about job applications which is not actually a legitimate content.

SmokeLoader Malware

The Mail also contains an attached zip file which is protected by a password and the password is clearly mentioned within the body of the Mail.

In this case, attacker protects an attached file with a password to evade the email security software.

Once the user opens the attachment, it promotes to enter the password which is given in the body of the email.

After users enter the password, a malicious word document will be downloaded which contains a Malicious macro code and the document keep asking users to enable the Macro to infect the user.

SmokeLoader Malware

Once the user enabled the macro, suddenly a PowerShell” script will be executed in the background and it will launch a payload.

According to QuickHeal, If we look closely, the malicious file is hosted as a poop.jpg file on the attacker’s server, which is actually an executable SmokeLoader malware. This file is dropped with the name DKSPKD.exe at %Temp% location and launched to perform malicious activities.

This Malware will be taking advantage of Microsoft Window 8 and above the platform and during the Execution process SmokeLoader malware can also download other malware to infect the user.

How to protect:

— Always keep your OS and software updated
— Train staff never open attachments or click on a URL in unsolicited e-mails
— Use Anti Spam Gateways such as Comodo Antispam Gateway for defense against spam, phishing emails, and virus-infected attachments
— Turn on Your Firewall
— Limit the user Privilege
— Use caution when clicking on links to web pages

Website

Latest articles

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...

Taxi App Vendor Data Leak: 300K Passengers Data Exposed

Around 300,000 taxi passengers' personal information was left exposed on the internet, causing concern...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles