1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Another Microsoft vulnerability is being used to spread malware

    From TechnologyDaily@1337:1/100 to All on Tue Mar 19 13:15:05 2024
    Another Microsoft vulnerability is being used to spread malware

    Date:
    Tue, 19 Mar 2024 13:00:07 +0000

    Description:
    Hackers were observed abusing Object Linking and Embedding to drop the NetSupport RAT.

    FULL STORY ======================================================================

    Hackers are using a novel phishing technique to deliver remote access trojans (RAT) to unsuspecting victims.

    According to the report, published this Monday, threat actors are using a technique called Object Linking and Embedding (OLE).

    This is a Windows feature that allows users to embed and link documents
    within documents, resulting in compound files with elements from different programs. New phishing methods

    This is according to cybersecurity experts Perception Point, who recently detailed a campaign they dubbed Operation PhantomBlu.

    The campaign starts with the usual phishing email, seemingly coming from the victims company accounting department. The emails are being sent from a legitimate marketing platform called Brevo, suggesting the platform was most likely compromised in some way.

    Attached with the email is a Word monthly salary report document. The victims that download the file are first asked to enter a password to open it, and then double-click a printer icon embedded in the doc.

    By doing that, the victim runs a ZIP archive file holding a Windows shortcut file, which runs a PowerShell dropper which deploys the NetSupport RAT from a remote server.

    "By using encrypted .docs to deliver the NetSupport RAT via OLE template and template injection, PhantomBlu marks a departure from the conventional TTPs commonly associated with NetSupport RAT deployments," said Ariel Davidpur,
    the reports author, adding the updated technique "showcases PhantomBlu's innovation in blending sophisticated evasion tactics with social
    engineering."

    NetSupport RAT is a weaponized version of NetSupport Manager, a legitimate remote control software, first released in 1989. For years now, NetSupport
    RAT was one of the most commonly used remote access trojans, allowing attackers unabated access to compromised devices. They can then use that access to deploy even more dangerous malware , including infostealers and ransomware.

    The best way to protect against these attacks is to be vigilant when
    receiving emails and only downloading attachments from verified sources. More from TechRadar Pro 1024-bit RSA keys for Windows will soon be no more Here's
    a list of the best firewalls around today These are the best endpoint
    security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/another-microsoft-vulnerability-is-bein g-used-to-spread-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)