E-mail with a malicious link
Quote:
[Image: malware-link-under-the-picture-featured.jpg]

Spam and phishing e-mails are not the only threats you might find in your mailbox. Cybercriminals are still using good old links to malware.

When a conversation touches on credential theft, e-mail messages with phishing links tend to come up first. However, those messages represent just one means of obtaining user names and passwords for various online services. Scammers still mail links to spyware regularly, too. One trick they use to disguise those links is including an image that appears to be an attachment.

E-mail with a malicious link

Today, we’re looking at a targeted e-mail attack. The cybercriminals in question made their e-mail look credible, sending an RFQ (request for quotation) to an industrial services provider and equipment vendor, with guidelines attached.

Industrial companies receive such requests fairly often, and account managers will typically open the guideline document and prepare a proposal, glossing over any slight discrepancies such as differences between the domain name and the sender’s signature. What we are interested in, here, is how cybercriminals get recipients to run the malware. Here’s what the e-mail looks like.

See the attached PDF? Well, what you’re looking at is not an attachment at all. Outlook does display e-mail attachments like this, but here you’ll find a number of differences:
  • The attachment icon should match the application associated with PDF files in your system. If not, then either it’s not an attachment or whatever’s attached is not a PDF file;
  • Details about the file — name, type, size — should appear if you hover your mouse over a real attachment. You shouldn’t instead see a link to some shady website;
  • The arrow next to the file name should be highlighted and function as a button that brings up a context menu;
  • The attachment should appear in a separate block, not in the body of the e-mail.

In fact, this object disguised as a PDF attachment is just a regular image. If you try selecting parts of the message with your mouse or using Ctrl-A to select all, that much will be apparent. The image obscures a hyperlink to a malicious program. Clicking the link downloads a spyware Trojan.

Attack payload

In this particular case, the malicious link pointed to an archive named Swift_Banco_Unicredit_Wire_sepa_export_000937499223.cab, which contained a loader for a Trojan Kaspersky identifies as Trojan-Spy.Win32.Noon, a fairly commonplace spyware Trojan. Known since 2017, it enables attackers to steal passwords and other information from input forms.

How to stay safe

To keep spyware Trojans from harming your company, install a reliable security solution on every device with Internet access to prevent malware from running.

Additionally, train your employees to detect cybercriminals’ tricks in e-mails.
...
Messages In This Thread
E-mail with a malicious link - by harlan4096 - 04 August 21, 07:04
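The trick described in the quoted article, an image in the message body wrapping a hyperlink to a download, can be checked for mechanically at a mail gateway or in triage. The following is an added example, not code from the article or the forum post: it parses a message, lists linked images whose target is a risky file type, and counts real MIME attachments. The extension list, the sample message and the `example.*` addresses are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of download types worth flagging; tune it for your environment.
RISKY_EXT = (".cab", ".zip", ".rar", ".7z", ".iso", ".exe", ".scr", ".js")

# Constructed sample: an HTML-only message whose "attachment" is a linked image.
SAMPLE = b"""From: buyer@example.com
To: sales@example.org
Subject: RFQ
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Please see the attached guidelines.</p>
<a href="http://files.example.net/dl/rfq_guidelines.cab"><img
 src="http://files.example.net/pdf_icon.png" alt="Guidelines.pdf"></a>
<p><a href="https://example.com/about">About us</a></p>
"""

class LinkedImageFinder(HTMLParser):
    """Records the href of every <a> element that wraps an <img>."""
    def __init__(self):
        super().__init__()
        self.open_hrefs, self.hits = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.open_hrefs.append(dict(attrs).get("href") or "")
        elif tag == "img" and self.open_hrefs and self.open_hrefs[-1]:
            self.hits.append(self.open_hrefs[-1])

    def handle_endtag(self, tag):
        if tag == "a" and self.open_hrefs:
            self.open_hrefs.pop()

def analyze(raw_message: bytes) -> dict:
    """Flag image links that lead to a risky file type; count real MIME attachments."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = LinkedImageFinder()
            finder.feed(part.get_content())
            flagged += [h for h in finder.hits
                        if urlparse(h).path.lower().endswith(RISKY_EXT)]
    return {"linked_image_downloads": flagged,
            "real_attachments": sum(1 for _ in msg.iter_attachments())}
```

A message that talks about an attachment, reports zero real attachments and contains a flagged linked image matches the pattern in the article; plain text links and images that link to ordinary web pages are not flagged.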