Posted on June 15, 2021 at 8:05 PM
Microsoft has warned about a dangerous new malware strain that steals account login credentials and copies anything from the user’s computer. According to the report, the threat actors are using fake PDFs to distribute the malware. They are usually placed in emails sent to targets.
The attack doesn’t need too much invitation to launch on the victim’s system. Once the target tries to open the PDF, it’s enough to release the malware into the system.
But once the user double-clicks on the fake file, it will drop a RAT payload after downloading a malicious VBScript on the system.
Attackers are spoofing legitimate organizations
Microsoft noted that the threat actors are presently targeting legitimate organizations in the cargo, travel, and aviation industry.
The type of RAT discovered by Microsoft is designed to steal different types of information, such as usernames and passwords for users’ online accounts. It steals anything the user copies or places on the clipboard. Based on the user’s activities, it will include different types of login credentials that the user has stored on the computer for immediate access.
This also includes apps, images, and tests, as well as images from the user’s webcam.
The main aim of such hackers is to use the images or files to earn direct profit. But if that is not possible, they go the route of blackmailing the user if they find something too personal the target may not want to be exposed.
The increasing spate of ransomware attacks
Recently, security researchers have uncovered scams where users are blackmailed by threat actors who threaten them with pictures from the users’ webcam. They usually ask the users to pay a certain ransom, threatening to send the bad images to friends and families if they don’t pay.
These scammers know the users’ friends thanks to the stolen access they have on their social media accounts.
Although the attack is an old tactic from threat actors, the concern is the fact that it’s becoming more common.
And it seems the attackers have upgraded their attacking potency. In the past, users must have to download malicious PDFs before they are infected, but this new malware does not need that much action. People don’t even need to download the malware PDF before becoming a victim of a cruel attack.
Microsoft warned that the scam becomes effective even if only one person from a multinational company becomes a victim of the malware, which can spread across the entire network of the business.
It means that even a user that didn’t do anything to welcome the malware can fall victim if a colleague is infected. Once the colleague shares the same network with them or they exchange files together, the malware can pass to the next system directly.
The worst part is the fact that the hackers can have access to the victim’s webcam without their knowledge.
Colonial Pipeline’s boss was affected by this pattern
Some security experts are speculating that the fake email was used to infiltrate the computer of the Chief Executive Officer of Colonial Pipeline in the US.
The hackers had to demand a ransom of $4.4 million from the company, which it allegedly paid to recover stolen files. But US security agents said they carried out a counter-hacking activity to reclaim most of the ransom paid to the hackers. However, despite the operation, the identities of the hackers are still not known, according to the reports.
The amount of money involved showed the danger this type of attack can pose to critical organizations.
Protecting against similar attacks
Users have been advised to protect their accounts against such attacks. Security researchers noted that users should make use of a uniquely generated password for each online account they have. Using this measure will protect their other accounts even if the hackers gain access to one of the accounts. They should also make sure their systems have the updated anti-malware software to keep some types of malware out of their devices.