Separ Malware Plucks Hundreds of Companies’ Credentials in Ongoing Phishing Attack

[silversurfer]

An ongoing phishing campaign is using malicious PDF documents to spread Separ malware and ultimately steal victims’ browser and email credentials.

Since the attack started at the end of January, it has affected around 200 companies and over 1,000 individuals, located mainly in Southeast Asia, the Middle East, and North America – and the bad actors behind the attack continue to upload stolen data daily, researchers with Deep Instinct told Threatpost.

The campaign’s effectiveness stems from a simple but dangerous tactic used by the Separ credential-stealer for evading detection: Using a combination of legitimate executable files and short scripts.

“Although the attack mechanism used by this malware is very simple, and no attempt has been made by the attacker to evade analysis, the growth in the number of victims claimed by this malware shows that simple attacks can be very effective,” said Guy Propper with Deep Instinct in a Tuesday post.

SOURCE: https://threatpost.com/separ-malware-cre...ng/142009/

[hanso]

A new version of Separ malware infects hundreds of businesses through ‘Living Off the Land’ attack method

• The attack started at the end of January and has affected around 200 companies and over 1,000 individuals.
  
  
• Separ malware is unique as it uses a combination of very short scripts or batch files and legitimate executable to evade detection.
  

An ongoing phishing campaign is using a new variant of Separ malware to infect hundreds of businesses located mainly in Southeast Asia, the Middle East, and North America. The attack started at the end of January and has affected around 200 companies and over 1,000 individuals.

Read the full news here.