In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- LimeRAT malware is being spread through VelvetSweatshop Excel encryption technique
April 1, 2020
A new campaign is spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files. LimeRAT is a simple Trojan designed for Windows machines. The malware is able to install backdoors on infected machines and encrypt files in the same way as typical ransomware strains, add PCs to botnets, and install cryptocurrency ...
- Holy water: ongoing targeted water-holing attack in Asia
March 31, 2020
On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor’s unsophisticated but creative toolset has been evolving a lot since ...
- SilverTerrier: 2019 Nigerian Business Email Compromise Update
March 31, 2020
In 2019, Business Email Compromise (BEC) maintained its rankings as both the most profitable and the most prominent threat facing our customers. According to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3), which recently released its annual report, US$1.77 billion in losses were attributed to BEC attacks over the course of 2019. This number ...
- Nation-State Attacks Drop in Latest Google Analysis
March 30, 2020
Google has registered a significant drop in government-backed cyberattacks against its properties and the people who use its products. Google sends out warnings if it detects that an account is a target of government-backed phishing or malware attempts. For 2019, the internet giant sent almost 40,000 warnings – which, while a large number, is still a ...
- Zeus Sphinx Banking Trojan Arises Amid COVID-19
March 30, 2020
According to researchers Amir Gandler and Limor Kessem at IBM X-Force, Sphinx (a.k.a. Zloader or Terdot) began resurfacing in December. However, the researchers observed a significant increase in volume in March, as Sphinx’s operators looked to take advantage of the interest and news around government relief payments. First seen in August 2015, Sphinx is a modular ...
- A mysterious hacker group is eavesdropping on corporate email and FTP traffic
March 28, 2020
Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks, Chinese security firm Qihoo 360 said today. In a report published on the blog of its network security division Netlab, Qihoo said its researchers detected two different threat actors, each exploiting ...