
Massive Phishing Attack Targeting 40+ Prominent Companies

In recent findings from Check Point Research, a significant phishing attack targeting more than 40 prominent Colombian companies has been uncovered.

The attackers behind this campaign aimed to infect victims’ systems with the notorious “Remcos” malware, known for its versatility in malicious activities.

Remcos is categorized as a Remote Access Trojan (RAT), granting attackers complete control over compromised computers. This control allows them to carry out various malicious actions, including data theft, further malware installations, and the hijacking of user accounts.

Attack’s Modus Operandi

Fraudulent Email: Attackers initiated the campaign by sending deceptive emails impersonating trusted entities like banks or Colombian companies. These emails typically contained urgent messages, unpaid debts, or enticing offers.

Email Attachment: The emails included seemingly harmless attachments, often in ZIP or RAR file formats, claiming to contain essential documents or invoices.

Hidden Commands: Within the archive files were highly obfuscated Batch (BAT) files. When executed, these BAT files ran PowerShell commands that were themselves obfuscated, so that each stage added a further layer of obfuscation to evade security solutions.

Loading .NET Modules: These PowerShell commands caused the victim’s computer to load two critical .NET components required for the subsequent stages of the attack.

First .NET Module: Evasion and Unhooking: The first component aimed to disable and deceive the computer’s security mechanisms, preventing the detection of malicious activities.

Second .NET Module: Loading “LoadPE” and Remcos: This part dynamically loaded another component named “LoadPE” from file resources. “LoadPE” was responsible for reflective loading, allowing the Remcos malware to be loaded directly into memory without being stored on disk.

Reflective Loading with “LoadPE”: Using “LoadPE,” attackers loaded the final payload, the Remcos malware, into memory. This reflective loading technique further evaded traditional antivirus and endpoint security solutions.

The Final Payload: Remcos – Swiss Army Knife RAT: With Remcos successfully loaded into memory, the attackers gained full control over the compromised system, enabling a wide range of malicious activities, including unauthorized access, data theft, keylogging, and remote surveillance.
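As an added defender-side example, not part of the original article or of Check Point's research, the following Python scores process-creation events for the archive -> BAT -> obfuscated PowerShell stage of the chain described above. The event shape, paths and command lines are constructed assumptions, and the indicator list is illustrative rather than exhaustive.

```python
import re

# Heuristic indicators of obfuscated PowerShell launched from a batch file, matching the
# ZIP/RAR -> BAT -> PowerShell chain in the article. Patterns are illustrative, not exhaustive.
OBFUSCATION_PATTERNS = {
    "encoded_command": re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{40,}"),
    "hidden_window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
    "no_profile": re.compile(r"(?i)-nop(?:rofile)?\b"),
    "invoke_expression": re.compile(r"(?i)\b(?:iex|invoke-expression)\b"),
    "string_building": re.compile(r"(?i)\[char\]|\+\s*['\"]|-join\b|-replace\b|-bxor\b"),
}
# A .bat/.cmd run from a user-writable or archive-extraction location (Temp, Downloads, WinRAR Rar$ dirs).
BATCH_FROM_USER_DIR = re.compile(r"(?i)\\(?:temp|downloads|rar\$[^\\]*)\\[^\"]*\.(?:bat|cmd)\b")
POWERSHELL_IMAGE = re.compile(r"(?i)\\(?:powershell|pwsh)\.exe$")

# Constructed process-creation events in the shape of Sysmon Event ID 1 fields (not real telemetry).
SAMPLE_EVENTS = [
    {"parent_cmdline": r'"C:\Windows\explorer.exe"',
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Service"},
    {"parent_cmdline": r'cmd.exe /c "C:\Users\ana\AppData\Local\Temp\Rar$DIa1234\Factura_2023.bat"',
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     # base64 of UTF-16LE "Write-Output 'demo'" (constructed, harmless)
     "cmdline": "powershell.exe -NoP -W Hidden -Enc VwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAnAGQAZQBtAG8AJwA="},
    {"parent_cmdline": r'cmd.exe /c "C:\Users\ana\Downloads\Comprobante_pago.bat"',
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -c \"$s='Get-'+'Date'; IEX $s\""},
]

def score_event(event):
    """Return (score, reasons): one point per indicator, evaluated only for PowerShell processes."""
    reasons = []
    if not POWERSHELL_IMAGE.search(event["image"]):
        return 0, reasons
    if BATCH_FROM_USER_DIR.search(event.get("parent_cmdline", "")):
        reasons.append("launched_by_batch_in_user_dir")
    reasons += [name for name, pat in OBFUSCATION_PATTERNS.items() if pat.search(event["cmdline"])]
    return len(reasons), reasons

def find_suspicious(events, threshold=3):
    """Events whose indicator count reaches the threshold; a lone -NoProfile admin command does not."""
    hits = []
    for event in events:
        score, reasons = score_event(event)
        if score >= threshold:
            hits.append({"cmdline": event["cmdline"], "score": score, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(hit["score"], hit["reasons"], hit["cmdline"][:60])
```

The threshold keeps routine administrative PowerShell below the alert line while the batch-launched, hidden-window, encoded or string-built commands from the campaign's stage score well above it.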

The detailed technical research by Check Point Research provides insights into the complexity of this attack’s execution, focusing on the evasion techniques and deobfuscation procedures used by the malicious actors.

Source: https://cybersecuritynews.com/massive-phishing-attack/
