Watch out, that Excel document could be infected with dangerous malware

A new phishing campaign was recently spotted, distributing an Excel file
The file drops a fileless version of the Remcos RAT on the device
Remcos can steal sensitive files, log keys, and more

Hackers have been seen distributing a fileless version of the Remcos Remote Access Trojan (RAT), which they then use to steal sensitive information from the target devices using hijacked spreadsheet software.

In a technical analysis, researchers from Fortinet said they observed threat actors sending out phishing emails with the usual purchase order theme. Attached with the email is a Microsoft Excel file, built to exploit a remote code execution vulnerability found in Office (CVE-2017-0199). When triggered, the file will download an HTML Application (HTA) file from a remote server, and launch it via mshta.exe.

The downloaded file will pull a second payload from the same server, which will run the initial anti-analysis and anti-debugging, after which it will download and run Remcos RAT.

Remcos returns

For its part, Remcos was not always considered malware. It was built as a legitimate, commercial software, used for remote administration tasks. However, it was hijacked by cybercriminals, in the same way Cobalt Strike was hijacked, and is nowadays mostly used for unauthorized access, data theft, and espionage. Remcos can log keystrokes, capture screenshots, and execute commands on infected systems.

But this version of Remcos gets dropped directly into the device’s memory: “Rather than saving the Remcos file into a local file and running it, it directly deploys Remcos in the current process’s memory,” Fortinet explained. “In other words, it is a fileless variant of Remcos.”

Phishing via email continues to be one of the most popular ways cybercriminals infect devices with malware, and steal sensitive information. It is cheap to execute, and performs well, making it a highly efficient attack vector. The best way to defend against phishing is to use common sense when reading emails, and to be extra wary when downloading and running any attachments.

https://cdn.mos.cms.futurecdn.net/Ramk8kAMZnG58FVJidCvuF-1200-80.jpg

Source link

Amazon’s 2024 Black Friday deals revealed – here’s everything worth buying

Amazon launches Haul to fill your stockings for under $25

I sat inside an Afeela and I am so ready for this Sony Honda Mobility EV future

Georgia Tech Chip Design Program Empowers the Apple Workforce of Tomorrow

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Watch out, that Excel document could be infected with dangerous malware

Amazon’s 2024 Black Friday deals revealed – here’s everything worth buying

Amazon launches Haul to fill your stockings for under $25

I sat inside an Afeela and I am so ready for this Sony Honda Mobility EV future

Georgia Tech Chip Design Program Empowers the Apple Workforce of Tomorrow

Leave a reply Cancel reply