Watch out - that WeTransfer link could be a phishing scam
Date:
Mon, 12 Sep 2022 21:59:17 +0000
Description:
New phishing campaign abuses the legitimate WeTransfer file-sharing service to distribute a potent trojan.
FULL STORY ======================================================================
If you get an email from an unknown person, sharing a Proof of Payment document from WeTransfer, be careful as it's most likely malware.
Cybersecurity researchers from Cofense have found threat actors are now distributing the Lampion malware this way in greater volume.
Lampion is a known trojan, capable of stealing sensitive data, such as banking information, passwords, and similar. It does so by overlaying known login forms with its own, and then sending out the submitted data to its command & control servers.
Lampion distribution
What makes this campaign more dangerous than other, similar campaigns, is the use of WeTransfer. This is a legitimate file transfer service, making it extremely difficult for email security systems to flag it as malicious. What's more, this is not the only legitimate service the crooks are abusing - they're also leveraging Amazon Web Services (AWS), and here's how.
When a victim receives the email, and if they download the file, they'll get a ZIP archive with a Visual Basic Script (VBS) inside. The script, if run, connects to an AWS instance, and grabs two DLL files, also in protected ZIP archives. These DLLs, when activated (which is done automatically and with no user interaction whatsoever), are loaded into memory and allow Lampion to operate.
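A defender-side check for the delivery pattern described above (a downloaded ZIP whose payload is a script, or whose members are password-protected), as an added example that is not from the article or from Cofense. The function names, the extension list and the block/review policy are assumptions, and the sample archives are constructed in memory.

```python
import io
import os
import zipfile

# Assumed list: extensions Windows runs via Windows Script Host or mshta.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}

def triage_zip(data: bytes) -> dict:
    """Inspect a downloaded ZIP's central directory without extracting it."""
    findings = {"scripts": [], "encrypted": [], "nested": [], "error": None}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                ext = os.path.splitext(info.filename.lower())[1]
                if info.flag_bits & 0x1:  # bit 0: member is password-protected
                    findings["encrypted"].append(info.filename)
                if ext in SCRIPT_EXTS:
                    findings["scripts"].append(info.filename)
                elif ext == ".zip":
                    findings["nested"].append(info.filename)
    except zipfile.BadZipFile as exc:
        findings["error"] = str(exc)
    return findings

def verdict(findings: dict) -> str:
    """Hypothetical policy: block script-bearing archives, review opaque ones."""
    if findings["scripts"]:
        return "block"
    if findings["error"] or findings["encrypted"] or findings["nested"]:
        return "review"
    return "allow"

def build_sample(members: dict) -> bytes:
    """Build a constructed in-memory ZIP from {name: content} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    lure = build_sample({"Proof of Payment.vbs": "' constructed placeholder"})
    clean = build_sample({"invoice.pdf": "%PDF-1.4 constructed"})
    for label, blob in (("lure", lure), ("clean", clean), ("not-a-zip", b"hello")):
        result = triage_zip(blob)
        print(label, verdict(result), result)
```

Because the sender domain is a legitimate service, the check keys on what the archive contains rather than where it came from.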
Lampion is a known trojan that's been used since 2019. Starting as malware targeting the Spanish-speaking community first, it has since gone international. This year, researchers said its distribution picked up pace, with some identifying a hostname link to Bazaar and LockBit.
Email is still one of the best ways to distribute viruses, malware, or ransomware, despite the fact that email protection tools have gotten better over the years. Today, threat actors can leverage a number of free cloud tools, such as hosting providers, calendar organizers, and similar, to bypass security measures and distribute malicious code to endpoints around the world.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/watch-out-that-wetransfer-link-could-be-a-phishing-scam/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)