In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- HQWar: the higher it flies, the harder it drops
October 2, 2019
Mobile dropper Trojans are one of today’s most rapidly growing classes of malware. In Q1 2019, droppers are in the 2nd or 3rd position in terms of share of total detected threats, while holding nearly half of all Top 20 places in 2018. Since the droppers’ main task is to deliver payload while sidestepping the ...
- Securing the Industrial Internet of Things: Addressing IIoT Risks in Healthcare
October 2, 2019
The constant quest for prolonging and preserving human life has continually driven technologies to develop groundbreaking innovations in the delivery of healthcare services and state-of-the-art treatments. Like in many other enterprises, the industrial internet of things (IIoT) has rapidly transformed the network and data infrastructure in health and medicine. With the IIoT, medical data and information have ...
- New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
October 1, 2019
Trend Micro found a new modular fileless botnet malware, which we named “Novter,” (also reported and known as “Nodersok” and “Divergent”) that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequently updated. KovCoreG, active since 2011, is a long-running campaign ...
- New SIM card attack disclosed, similar to Simjacker
September 27, 2019
A team of security researchers has detailed a second SMS-based attack that can allow malicious actors to track users’ devices by abusing little-known apps that are running on SIM cards. This new attack, named WIBattack, is identical to Simjacker, an attack disclosed at the start of the month by mobile security firm AdaptiveMobile. Both attacks work in the ...
- Thousands of PCs Affected by Nodersok/Divergent Malware
September 27, 2019
New malware identified by Microsoft and Cisco Talos has affected thousands of PCs in the United States and Europe and turns systems into proxies for performing malicious activity, the companies said. The fileless threat—called Nodersok by Microsoft and Divergent by Cisco Talos—has many of its own components but also takes advantage of existing tools to do ...
- WhiteShadow downloader uses Microsoft SQL queries to deliver malicious payloads
September 27, 2019
Researchers have documented the emergence of a downloader that makes use of Microsoft SQL queries to pull and deliver malicious payloads. In August this year, Proofpoint researchers found the new, staged downloader, known as WhiteShadow, which is being used to deliver a variety of malware to vulnerable systems. The cybersecurity team said in a blog post on Thursday ...