Jump to content
Login new information ×
Login new information

Microsoft detects new Evil Corp malware attacks

duddy

By duddy
in Security & Privacy News

Recommended Posts

duddy

duddy

Posted
Posted

Microsoft detects new Evil Corp malware attacks

Phishing campaign uses HTML redirectors to deliver malicious Excel documents

 

s3fZSNQcPjVBeU4amrR2bc-320-80.jpg

(Image credit: Pixabay)

 

Microsoft has observed that the hacking group known as Evil Corp or TA505 has switched up the tactics in its ongoing phishing campaign to deliver malware by using malicious Excel documents.

 

The company provided more details on the new campaign in a series of tweets in which its researchers said that the final payload is now being delivered by using an Excel document containing a malicious macro.

 

Evil Corp has been active since 2014 and the cybercrime group is financially motivated. It is known for targeting retail companies as well as financial institutions by using large malicious spam campaigns powered by the Necurs botnet.

 

 

Researchers from Microsoft Security Intelligence explained how Evil Corp's new campaign works in a tweet, which reads:

 

“The new campaign uses HTML redirectors attached to emails. When opened, the HTML leads to the download Dudear, a malicious macro-laden Excel file that drops the payload. In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs.”

 

Evil Corp

This new campaign marks the first time that Evil Corp has used HTML redirectors as part of its attacks. Previous email campaigns carried out by the group used attachments or malicious download URLs to deliver their malicious payloads.

 

Evil Corp's latest campaign sends out phishing messages that come with HTML attachments that automatically start downloading the Excel file used to drop the payload. Victims are told to open the Excel document on their computer and to enable editing to access its contents.

 

Once this is done, the malware will also try to drop a remote access trojan (RAT) known as Grace Wire or FlawedGrace onto a victim's system.

 

The cybercriminals behind this new campaign even utilized localized HTML files in different languages in order to reach victims from all around the world.

 

Source

 

 

Link to comment
Share on other sites
  • Replies 1
  • Views 519
  • Created
  • Last Reply
Matrix

Matrix

Posted
Posted

Formatting and Paragraphing Corrected

 

Your Original Post before correction made e.g View with Nsane Dark Theme.

Spoiler

Microsoft detects new Evil Corp malware attacks

Phishing campaign uses HTML redirectors to deliver malicious Excel documents

 

s3fZSNQcPjVBeU4amrR2bc-320-80.jpg

(Image credit: Pixabay)

 

Microsoft has observed that the hacking group known as Evil Corp or TA505 has switched up the tactics in its ongoing phishing campaign to deliver malware by using malicious Excel documents.

The company provided more details on the new campaign in a series of tweets in which its researchers said that the final payload is now being delivered by using an Excel document containing a malicious macro.

Evil Corp has been active since 2014 and the cybercrime group is financially motivated. It is known for targeting retail companies as well as financial institutions by using large malicious spam campaigns powered by the Necurs botnet.

 

Researchers from Microsoft Security Intelligence explained how Evil Corp's new campaign works in a tweet, which reads:

“The new campaign uses HTML redirectors attached to emails. When opened, the HTML leads to the download Dudear, a malicious macro-laden Excel file that drops the payload. In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs.”

 

Evil Corp

This new campaign marks the first time that Evil Corp has used HTML redirectors as part of its attacks. Previous email campaigns carried out by the group used attachments or malicious download URLs to deliver their malicious payloads.

Evil Corp's latest campaign sends out phishing messages that come with HTML attachments that automatically start downloading the Excel file used to drop the payload. Victims are told to open the Excel document on their computer and to enable editing to access its contents.

Once this is done, the malware will also try to drop a remote access trojan (RAT) known as Grace Wire or FlawedGrace onto a victim's system.

The cybercriminals behind this new campaign even utilized localized HTML files in different languages in order to reach victims from all around the world.

 

Source

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...