- VENOM phishing kit targets C-Suite executives by name
- Emails mimic SharePoint notifications with Unicode QR codes
- Attackers steal credentials, 2FA codes, and access tokens
If you work as Director or a C-Suite at a major global organization, be on the lookout for a new phishing attack targeting you by name.
Security researchers from Abnormal have warned of a campaign in which the threat actors carefully cherry-pick their targets and then approach them with a highly tailored phishing email, whose goal is to steal login credentials and 2FA codes.
The entire process is built in a previously undocumented phishing kit called VENOM, which has a licensing and activation model, structured token storage, and a full campaign management interface.
Article continues below
Stealing secrets
Abnormal says that it has not yet appeared in any public threat intelligence databases and was not observed being sold on dark-web forums. This means that it is most likely a closed-access platform distributed through vetted channels.
The emails themselves are themed around SharePoint document-sharing notifications. The victims are led to believe they have been given a document, and are invited to scan the provided QR code to access it.
The QR code itself is a work of art, as well. Instead of simply embedding an image (which might get picked up by email security solutions), the threat actors built it entirely from Unicode block characters rendered inside an HTML .
Those that scan the code are first redirected to a fake verification checkpoint, designed to filter out bots, scanners, sandboxes, and security researchers. After passing the checkpoint, the victims are presented with one of two ways of authenticating: either with login credentials and a 2FA code, or through device sign-in using Microsoft’s legitimate device code flow. The former steals passwords and relays 2FA codes, while the latter obtains access tokens.
Defending against these attacks is the same as against any other phishing email – using common sense, skepticism, and a touch of paranoia when reading emails.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-2000-80.jpeg
Source link
