TechRadar Posted March 19 Share Posted March 19 Hackers are using a novel phishing technique to deliver remote access trojans (RAT) to unsuspecting victims.According to the report, published this Monday, threat actors are using a technique called Object Linking and Embedding (OLE).This is a Windows feature that allows users to embed and link documents within documents, resulting in compound files with elements from different programs. New phishing methods This is according to cybersecurity experts Perception Point, who recently detailed a campaign they dubbed Operation PhantomBlu.The campaign starts with the usual phishing email, seemingly coming from the victim’s company accounting department. The emails are being sent from a legitimate marketing platform called Brevo, suggesting the platform was most likely compromised in some way.Attached with the email is a Word “monthly salary report” document. The victims that download the file are first asked to enter a password to open it, and then double-click a printer icon embedded in the doc.By doing that, the victim runs a ZIP archive file holding a Windows shortcut file, which runs a PowerShell dropper which deploys the NetSupport RAT from a remote server."By using encrypted .docs to deliver the NetSupport RAT via OLE template and template injection, PhantomBlu marks a departure from the conventional TTPs commonly associated with NetSupport RAT deployments," said Ariel Davidpur, the report’s author, adding the updated technique "showcases PhantomBlu's innovation in blending sophisticated evasion tactics with social engineering."NetSupport RAT is a weaponized version of NetSupport Manager, a legitimate remote control software, first released in 1989. For years now, NetSupport RAT was one of the most commonly used remote access trojans, allowing attackers unabated access to compromised devices. They can then use that access to deploy even more dangerous malware, including infostealers and ransomware.The best way to protect against these attacks is to be vigilant when receiving emails and only downloading attachments from verified sources. More from TechRadar Pro 1024-bit RSA keys for Windows will soon be no moreHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article Quote Link to comment Share on other sites More sharing options...
.png.6dd3056f38e93712a18d153891e8e0fc.png.1dbd1e5f05de09e66333e631e3342b83.png.933f4dc78ef5a5d2971934bd41ead8a1.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.