Researchers have found a new phishing campaign in the wild where three different infostealers attack the target system. Currently, the campaign is actively targeting Windows users to steal data.
Phishing Attack Dropping Three Infostealers At Once
According to a recent post from Fortinet, their research team has discovered a peculiar phishing campaign actively targeting Windows users. In this campaign, three different infostealers (data-stealing malware) attack the target device – AveMariaRAT / BitRAT / PandoraHVNC.
As elaborated, the attack begins with a phishing email impersonating a trusted source. The email includes a payment report as an attachment, tricking the user into opening the file.
Once the victim opens the malicious Excel file, an alert about enabling macros appears on the screen. At this point, choosing “Disable Macros” should halt the intended action. However, the malicious file actually embeds an auto-start macro that begins running, using a VBA method, right after the file is opened.
That means the underlying attack executes right there, completing various steps to gain persistence on the target system. Eventually, after abusing PowerShell and VBA, the final malware payload gets deployed and executed on the device.
The researchers have explained the technical steps in their post and have stated that the campaign deploys fileless malware on target systems, which then keeps pilfering device data.
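The attachment stage described above can be checked at the mail gateway before a user opens the file. The following Python is an added example, not code from Fortinet's post or this article: it walks a message's attachments and flags those that carry a VBA project. The function names are hypothetical, and the sample message, addresses and file names are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc container

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole' or 'no-vba' for one attachment payload."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Office files may hold macros; the stdlib cannot parse
        # them, so route them to deeper inspection instead of guessing.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "no-vba"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # OOXML files keep VBA in a part named vbaProject.bin (xl/ for Excel).
        names = [n.lower() for n in zf.namelist()]
    return "macro" if any(n.endswith("vbaproject.bin") for n in names) else "no-vba"

def triage_email(raw: bytes) -> dict:
    """Map attachment filename -> verdict for every attachment in a message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        part.get_filename(): classify_attachment(part.get_payload(decode=True))
        for part in msg.iter_attachments()
    }

def _ooxml(with_vba: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like an Excel file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            zf.writestr("xl/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

def build_sample_email() -> bytes:
    """Constructed sample message: one macro-bearing and one plain attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.org", "Payment report"
    msg.set_content("Please see the attached payment report.")
    for name, vba in (("payment_report.xlsm", True), ("summary.xlsx", False)):
        msg.add_attachment(_ooxml(vba), maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage_email(build_sample_email()))
```

A "macro" verdict only says that the file can run VBA; deciding whether the macro auto-starts requires parsing the VBA project with a dedicated tool.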
Beware Of Phishing Attacks
Fortinet has deemed it a “critical” severity threat, urging users to stay careful.
Although this phishing campaign looks dangerous, avoiding it seems trivial given how the attack begins. It merely requires users to stay careful with the emails they receive.
The rule of thumb remains to avoid engaging with unsolicited emails, or ones from untrusted sources, especially if they include an attachment or ask the recipient to click on a URL. Instead of responding to such messages right away, users should consider reaching out to the apparent sender of the email via other means to verify the legitimacy of the message. This will significantly reduce the chances of successful phishing malware attacks.