In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Arcane Stealer V Takes Aim at the Low End of the Dark Web
September 27, 2019
A general-purpose info-stealing malware is poised to make a splash in cybercrime circles, thanks to its market niche: It’s positioned as an ideal tool for low-skilled adversaries looking to get some skin in the game without having a lot of expertise. According to the Fidelis Threat Research Team (TRT), the Arcane Stealer V malware is an ...
- Masad Spyware Uses Telegram Bots for Command-and-Control
September 27, 2019
A freshly discovered commercial spyware dubbed the “Masad Clipper and Stealer” is using Telegram bots as its command-and-control (C2) hub. Masad harvests information from Windows and Android users and also comes with a full cadre of other malicious capabilities, including the ability to steal cryptocurrency from victims’ wallets. According to an analysis from Juniper Threat Labs on ...
- 17 US utility firms targeted by mysterious state-sponsored group
September 24, 2019
A mysterious state-sponsored hacking group has targeted at least 17 US utility firms with phishing emails for a five-month period between April 5 and August 29, Proofpoint reported today. The purpose of these attacks was to infect employees at US utility firms with LookBack, a remote access trojan with an extensive set of features. While no formal ...
- Russian state hackers rarely share code with one another
September 24, 2019
Russia’s state-sponsored hacking groups rarely share code with one another, and when they do, it’s usually within groups managed by the same intelligence service, a new joint report published today reveals. This report, co-authored by Check Point and Intezer Labs, is a first of its kind in its field. The two companies looked at nearly 2,000 ...
- Hello! My name is Dtrack
September 23, 2019
Kaspersky Lab investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim’s ATMs, where it could read and store the data of cards ...
- More Hidden App Malware Found on Google Play with over 2.1 Million Downloads
September 23, 2019
Malicious apps hide themselves after installation and aggressively display full-screen advertisements. In recent times we’ve seen multiple malicious apps found in the Google Play Store by various cyber security firms, including Symantec, yet this problem doesn’t seem to be dissipating. We have uncovered another wave of malicious apps in the Play Store which have been downloaded ...