1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This phishing campaign could really blow up in the face of the attacke

    From TechnologyDaily@1337:1/100 to All on Fri Jun 25 16:15:04 2021
    This phishing campaign could really blow up in the face of the attackers

    Date:
    Fri, 25 Jun 2021 15:00:23 +0000

    Description:
    Spreading malware using an obscure file format creates a lot more hurdles
    than it eliminates.

    FULL STORY ======================================================================

    Cybersecurity researchers have shared details about an ill-conceived malware campaign that falls flat on its face.

    Enterprise network security company Trustwave spotted a campaign that uses a novel disk image file to conceal malware. It says that while the use of unusual attachments helps bypass security software like firewalls and antivirus software , it also runs the risk of raising red flags with users.

    However, in this instance, the threat actors used such an esoteric file
    format that it isnt even supported by Windows . TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

    Click here to start the survey in a new window << Protect your devices
    with these best antivirus software Here's our choice of the best malware removal software on the market These are the best ransomware protection tools

    Encapsulating malware in an unusual archive file format is one of the common ways to bypass gateways and scanners. However, this strategy also poses a hurdle the target system must recognize the file type or at least have a
    tool which can unpack and process the file, notes Trustwave in its analysis . WIMs and fancies

    The campaign saw the threat actors use the WIM (Windows Imaging Format) file, disguised as an invoice or a consignment note, to smuggle malware.

    In the past threat actors have relied on disk image files such as .ISO, .IMG, and .DAA to conceal malware. However, as Trustwave notes, unlike the other disk image formats, Windows does not have the built-in ability to extract these files, which can only be unpacked using archiving tools like 7Zip , PowerISO, and PeaZip .

    Trustwave analysis reveals that the file contains the Agent Tesla malware, which is a dangerous remote access trojan (RAT) that can exfiltrate data via HTTP, SMTP, FTP, and Telegram and also allow the threat actors to exercise control over a compromised system.

    However, concealing such a lethal malware inside such an obscure file format isnt really a smart move as it ensures that a majority of the targets will
    not be able to accidentally infect their computers. These are the best endpoint protection tools



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-phishing-campaign-could-blow-up-in-the-fac e-of-the-attackers/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)