In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- New FluBot and TeaBot campaigns target Android devices worldwide
January 26, 2022
New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. The SMS topics used for spreading the FluBot malware include fake courier messages, “Is this you in this video?” coaxes, phony browser updates, and fake voicemail notifications. The most recent ...
- Trickbot will now try to crash researcher PCs to stop reverse engineering attempts
January 26, 2022
The Trickbot Trojan has been revised with a new set of anti-reverse engineering features including the capability to crash computers if analysis tools are detected. Over the years, Trickbot has evolved from its original state as a banking Trojan to a wider suite of malicious components. Following the retirement of Dyre in 2016 and the disruption of ...
- Context and Recommendations to Protect Against Malicious Activity by Iranian Cyber Group Emennet Pasargad
January 26, 2022
This Private Industry Notice provides a historical overview of Iran-based cyber company Emennet Pasargad’s tactics, techniques, and procedures (TTPs) to enable recipients to identify and defend against the group’s malicious cyber activities. On 20 October 2021, a grand jury in the US District Court for the Southern District of New York indicted two Iranian nationals ...
- Vulnerability in Apple iOS, iPad OS and MacOS could lead to disclosure of sensitive memory data
January 25, 2022
Cisco Talos recently discovered an out-of-bounds read vulnerability in Apple’s macOS and iOS operating systems that could lead to the disclosure of sensitive memory content. An attacker could capitalize on that information to aid in the exploitation of other vulnerabilities This vulnerability specifically exists in the DDS image parsing functionality of Apple’s ImageIO library that exists ...
- TianySpy Malware Uses Smishing Disguised as Message From Telco
January 25, 2022
It has been some time since SMS or text messaging has become a means to spread mobile malware. In September 2021, Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The chain is triggered by a smishing message that appears to be sent from a telecommunications company. It is ...
- Trellix finds OneDrive malware targeting government officials in Western Asia
January 25, 2022
Hackers are using Microsoft OneDrive in a multi-stage espionage campaign aimed at high-ranking government officials in Western Asia, according to a new report from Trellix. Researchers with Trellix named the malware involved “Graphite” because it uses Microsoft’s Graph API to leverage OneDrive as a command and control server. The attack takes advantage of an MSHTML remote ...