In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- New Variant of Paradise Ransomware Spreads Through IQY Files
March 18, 2020
Internet Query Files (IQY) were used to deliver a new variant of Paradise ransomware, as reported by Last Line. The said file type has not been associated with this ransomware family before. In the past, IQY files were typically used in other malware campaigns such as the Necurs botnet that distributes IQY files to deliver FlawedAmmy RAT. Bebloh and Ursnif also spreads ...
- APT36 Taps Coronavirus as ‘Golden Opportunity’ to Spread Crimson RAT
March 17, 2020
A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting anti-virus software information, and listing the running processes, drives and directories from victim machines. The ...
- New Ursnif Campaign Targets Users in Japan
March 17, 2020
Trend Micro researchers detected a new Ursnif campaign targeting users in Japan. The malware is distributed through infected Microsoft Word documents coming from spam emails. Ursnif, also known as Gozi, is an information stealer that collects login credentials from browsers and email applications. It has capabilities for monitoring network traffic, screen capturing, and keylogging. It is ...
- They Come in the Night: Ransomware Deployment Trends
March 16, 2020
Ransomware is a remote, digital shakedown. It is disruptive and expensive, and it affects all kinds of organizations, from cutting edge space technology firms, to the wool industry, to industrial environments. Infections have forced hospitals to turn away patients and law enforcement to drop cases against drug dealers. Ransomware operators have recently begun combining encryption with the threat of data leak and exposure in order ...
- MonitorMinor: vicious stalkerware?
March 16, 2020
What is the usual functionality of stalkerware? The most basic thing is to transmit the victim’s current geolocation. There are many such “stalkers”, since various special web resources are used to display coordinates, and they only contain a few lines of code. Often, their creators use geofencing technology, whereby a notification about the victim’s movements is ...
- Analysis: Abuse of .NET features for compiling malicious programs
March 12, 2020
The .NET framework, a software development framework created by Microsoft and is now a built-in component of Windows, includes components that enable developers to compile and execute C# source code during runtime. This allows programs to update or load modules without having to restart. While the .NET framework is originally intended to help software engineers, cybercriminals ...