In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Weaponizing Open Source Software for Targeted Attacks
November 20, 2020
Trojanized open-source software is tricky to spot. This is because it takes on the façade of legitimate, non-malicious software, making it especially stealthy and useful for targeted attacks. However, a closer investigation can reveal suspicious behavior that exposes their malicious intent. How are open-source software trojanized? How can we detect them? To answer these questions, let ...
- QBot partners with Egregor ransomware in bot-fueled attacks
November 20, 2020
The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September. Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials, Windows domain credentials, and provides remote access to threat actors who install ransomware. Victims usually become infected with Qbot through phishing emails ...
- Android chat app with 100 million installs exposes private messages
November 19, 2020
GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users. By abusing a flaw in the app, unauthenticated attackers can gain access to private voice messages, videos, and photos shared by GO SMS Pro users as Trustwave security researchers discovered three months ago. The ...
- Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack
November 19, 2020
Researchers have uncovered a new attack that lets bad actors snoop in on homeowners’ private conversations – through their robot vacuums. The vacuums, which utilize smart sensors in order to autonomously operate, have gained traction over the past few years. The attack, called “LidarPhone” by researchers, in particular targets vacuums with LiDAR sensors, as the name ...
- Egregor Ransomware Attack Hijacks Printers to Spit Out Ransom Notes
November 19, 2020
So, you’re a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim. You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted. Too dull? You could lock infected PCs and display a ghoulish skull on a bright ...
- Advanced Threat predictions for 2021
November 19, 2020
Trying to make predictions about the future is a tricky business. However, while we don’t have a crystal ball that can reveal the future, we can try to make educated guesses using the trends that we have observed over the last 12 months to identify areas that attackers are likely to seek to exploit in ...