In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Over nine million Android devices infected by info-stealing trojan
November 23, 2021
A large-scale malware campaign on Huawei’s AppGallery has led to approximately 9,300,000 installs of Android trojans masquerading as over 190 different apps. The trojan is detected by Dr.Web as ‘Android.Cynos.7.origin’ and is a modified version of the Cynos malware designed to collect sensitive user data. The discovery and report come from researchers at Dr. Web AV, who ...
- Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws
November 22, 2021
Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing email threads, researchers say. What’s still under discussion: whether the offensive is delivering SquirrelWaffle, the new email loader that showed up in September, or whether SquirrelWaffle is just one piece of malware among several ...
- Emotet botnet comeback orchestrated by Conti ransomware gang
November 19, 2021
The Emotet botnet is back by popular demand, resurrected by its former operator, who was convinced by members of the Conti ransomware gang. Security researchers at intelligence company Advanced Intelligence (AdvIntel) believe that restarting the project was driven by the void Emotet itself left behind on the high-quality initial access market after law enforcement took it ...
- Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure
November 19, 2021
Security researchers have checked the web’s public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities. Certificate Authorities, or CAs, vouch for the digital certificates we use to establish trust online. You can be reasonably confident that your bank website is actually your bank website when it presents your browser ...
- RedCurl corporate espionage hackers resume attacks with updated tools
November 18, 2021
A crew of highly-skilled hackers specialized in corporate espionage has resumed activity, one of their victims this year being a large wholesale company in Russia. Tracked as RedCurl, the group attacked the Russian business twice this year, each time using carefully constructed spear-phishing emails with initial-stage malware. Active since 2018, RedCurl is responsible for at least 30 ...
- Iranian targeting of IT sector on the rise
November 18, 2021
Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain. Microsoft has observed multiple Iranian threat actors targeting the IT ...