Horabot Unleashed: A Stealthy Phishing Threat


In April, FortiGuard Labs observed a threat actor using phishing emails with malicious HTML files to spread Horabot, malware that primarily targets Spanish-speaking users. It is known for using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email credentials, harvest contact lists, and install banking trojans.

Horabot leverages Outlook COM automation to send phishing messages from the victim’s mailbox, enabling it to propagate laterally within corporate or personal networks. The threat actor also executed a combination of VBScript, AutoIt, and PowerShell to conduct system reconnaissance, credential theft, and the installation of additional payloads.

Read more…
Source: Fortinet


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Operational Technology Widens Supply Chain Attack Surfaces

    March 8, 2019

    Today’s supply chain has evolved, with operational technology (OT) used in factories increasingly becoming connected and converging with IT systems — introducing new attack vectors. This new reality is vital for companies to understand in the context of risk, according to Dawn Cappelli, vice president of global security and CISO at Rockwell Automation and Edna Conway, ...

  • New SLUB Backdoor Uses GitHub, Communicates via Slack

    March 7, 2019

    We recently came across a previously unknown malware that piqued our interest in multiple ways. For starters, we discovered it being spread via watering hole attacks, a technique that involves an attacker compromising a website before adding code to it so visitors are redirected to the infecting code. In this case, each visitor is redirected only ...

  • Data-Wiping Cyberattacks Plague Financial Firms

    March 6, 2019

    Over a quarter of surveyed financial institutions reported that they were targeted by destructive cyberattacks over the past year, bent on completely destroying data. That’s according to a new Carbon Black report unveiled at RSA this year. The report, “Modern Bank Heists: The Bank Robbery Shifts to Cyberspace,” outlines the top attacks that financial firms are facing ...

  • IoT Devices Under Constant Attack

    March 4, 2019

    ‘Secure your IoT devices’ is the message from security specialist Cyxtera Technologies, after research found that IoT devices are now under constant attack. The research was conducted jointly by Cyxtera threat researcher Martin Ochoa and researchers from the Singapore University of Technology and Design. They detected more than 150 million connection attempts to 4,642 distinct IP addresses ...

  • How the Dark Web Data Bazaar Fuels Enterprise Attacks

    March 3, 2019

    It seems every aspect of our lives is available to be found somewhere on the internet. And the information available isn’t simply embarrassing browsing histories but ranges from our medical histories to the logon credentials we use to access many of our online services. This is certainly a privacy concern, but it’s also increasingly an enterprise ...

  • New exploit lets attackers take control of Windows IoT Core devices

    March 2, 2019

    Speaking at a conference today, a security researcher has revealed a new exploit impacting the Windows IoT Core operating system that gives threat actors full control over vulnerable devices. The vulnerability, discovered by Dor Azouri, a security researcher for SafeBreach, impacts the Sirep/WPCon communications protocol included with Windows IoT operating system. Azouri said the vulnerability only impacts Windows ...