Tuesday, November 12, 2024
HomeMalwareVawtrak malware spread via toxic Word documents Beware poisoned parking tickets

Vawtrak malware spread via toxic Word documents Beware poisoned parking tickets

Published on

Malware protection

Pernicious spam (malspam) utilizing Microsoft office records with Hancitor-based Visual Basic (VB) macros to send Pony and Vawtrak. Regardless it happens,And A report Said  this one from 2016-12-19, where Hancitor/Pony/Vawtrakmalspamwas disguised as a LogMeIn account notification ,And apparently, there’s been a recent lull in Hancitor/Pony/Vawtrakmalspam

Once Vawtrak infects a PC, it is capable of logging keystrokes, taking screenshots, and hijacking webcams. It also opens a remote access backdoor that allows anyone who controls it to steal files, digital certificates, and passwords from the victim’s computer..

It’s not as common as it once was, but malicious spam that infects users with the Pony and Vawtrak malware is still making its rounds in the wild.

- Advertisement - SIEM as a Service

what is Vawtrak

Vawtrak is an information stealing malware family that is primarily used to gain unauthorised access to bank accounts through online banking websites. Machines infected by Vawtrakform part of a botnet that collectively harvests login credentials for the online accounts to awide variety of financial and other industry organisations.

These stolen credentials are used,in combination with injected code and by proxying through the victim’s machine, to initiatefraudulent transfers to bank accounts controlled by the Vawtrak botnet administrators.

Brad Duncan ,Explained this In SANS blog,

” The link from the malspam downloaded a Microsoft Word document.  The document contains a malicious VB macro described has Hancitor, Chanitor or Tordal.  I generally call it Hancitor.  If you enable macros, the document retrieves a Pony downloader DLL.  The Pony downloader then retrieves and installs Vawtrak malware. “

On 10 January, Brad Duncan of the SANS Internet Storm Center received what appeared to be a parking ticket notification.

Flow chart of the infection process. source :SANS

Infection traffic after activating macros in the Word document.

Duncan conclude in his Article ,

we often become jaded as yet another wave of malspam does the same thing it’s done before.  Patterns behind such activity are often well-documented. hat attitude only encourages the criminal groups behind malspam.

For various reasons, many environments don’t follow best security practices, and they’re still vulnerable.  If we discuss on-going waves of malspam in high-visibility forums like this one, more people will be aware of the threat.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

VMware Workstation & Fusion Now Available for Free to All Users

VMware has announced that its popular desktop hypervisor products, VMware Workstation and VMware Fusion,...

Dell Enterprise SONiC Flaw Let Attackers Hijack the System

Dell Technologies has disclosed multiple critical security vulnerabilities in its Enterprise SONiC OS, which...

Amazon Confirms Employee Data Breach Via Third-party Vendor

Amazon has confirmed that sensitive employee data was exposed due to a breach at...

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

HookBot Malware Use Overlay Attacks Impersonate As Popular Brands To Steal Data

The HookBot malware family employs overlay attacks to trick users into revealing sensitive information...