Malicious email campaign deploys info stealer malware — beware

Cybersecurity researchers recently discovered an info-stealing malware deployed through a malicious email campaign, and all it takes is for tricked victims to open and extract the contents of a sneaky attachment.

Spotted by cybersecurity company Trustwave (via BGR), the threat actors send spam emails to potential victims with an ISO file attached, disguised as “request.doc.” Once executed, the malware is capable of “harvesting system information and data from a wide range of browsers and other applications.”

As senior security researcher Diana Lopera notes, the ISO file format is often used by cybercriminals as a malware container. In this instance, the attachment contains two files: a Microsoft Compiled HTML Help (CHM) file, “pss10r.chm,” and an executable, “app.exe.”

Vidar malware spam message via Trustwave (Image credit: Trustwave)

Once the attachment is opened and the files are extracted, the malware compromises the system. CHM, a Microsoft Compiled HTML Help format often used for software documentation, allows the file to silently run app.exe. Once it has finished, it can delete the files it created to erase any evidence.

“MailMarshal supports the unpacking of ISO and CHM files,” Lopera explains. “One of the objects unpacked from the CHM is the HTML file ‘PSSXMicrosoftSupportServices_HP05221271.htm’, the primary object that gets loaded once the CHM ‘pss10r.chm’ is opened. This HTML has a button object which automatically triggers the silent re-execution of the CHM ‘pss10r.chm’ with mshta.”
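A defender-side check for the chain described above, added here as an example that is not from the article or from Trustwave: it scans constructed Sysmon-style process-creation events (the JSON field names, file paths and the E: drive letter standing in for a mounted ISO are all assumptions) for an mshta.exe instance handed a .chm file, and then for anything that instance spawns.

```python
import json
import ntpath

# Constructed process-creation events in a Sysmon-like JSON shape. The field
# names are an assumption, not a real product's schema. Events 4100/4188 model
# the chain in the write-up: the CHM is re-run via mshta, then app.exe runs.
# The E: drive letter is a placeholder for a mounted ISO. The other lines are
# benign noise, including a legitimate mshta.exe run that must not be flagged.
SAMPLE_EVENTS = r"""
{"pid": 900,  "ppid": 1,    "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"}
{"pid": 4100, "ppid": 900,  "image": "C:\\Windows\\System32\\mshta.exe", "cmdline": "mshta.exe \"E:\\pss10r.chm\""}
{"pid": 4188, "ppid": 4100, "image": "E:\\app.exe", "cmdline": "app.exe"}
{"pid": 4300, "ppid": 900,  "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe"}
{"pid": 4400, "ppid": 900,  "image": "C:\\Windows\\System32\\mshta.exe", "cmdline": "mshta.exe C:\\Tools\\setup.hta"}
{"pid": 4420, "ppid": 4400, "image": "C:\\Tools\\helper.exe", "cmdline": "helper.exe"}
"""


def parse_events(text):
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_chm_mshta_chain(events):
    """Return (pid, reason) findings for the CHM -> mshta -> child chain.

    Two passes, so a child logged before its parent is still correlated.
    """
    findings = []
    suspicious_parents = set()

    # Pass 1: mshta.exe launched with a CHM file on its command line, which is
    # the silent re-execution step the report describes.
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        if image == "mshta.exe" and ".chm" in ev["cmdline"].lower():
            suspicious_parents.add(ev["pid"])
            findings.append((ev["pid"], "mshta.exe launched with a CHM file: " + ev["cmdline"]))

    # Pass 2: anything spawned by such an mshta instance (app.exe in this campaign).
    for ev in events:
        if ev["ppid"] in suspicious_parents:
            findings.append((ev["pid"], "child of CHM-running mshta.exe: " + ev["image"]))

    return findings


if __name__ == "__main__":
    for pid, reason in find_chm_mshta_chain(parse_events(SAMPLE_EVENTS)):
        print(pid, reason)
```

The legitimate mshta.exe run (pid 4400) and its child are not reported because no .chm argument links them to the chain.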

For a deeper dive into how the malware works, check out Trustwave’s report. Trustwave didn’t note any victims of the email campaign, but hackers are still capable of sending spam emails with the cyber threat attached to any email account, including Gmail.

As always, be wary of suspicious emails with unknown attachments, and steer clear of opening them if you’re not familiar with the sender. Last year, we reported that your Gmail is worth more than a bank account on the dark web, seeing as email accounts are generally a hub of private information. To keep safe online, consider getting one of the best antivirus apps for your devices.
