reports that Microsoft Windows users are being targeted by a new phishing
campaign involving a malicious attachment deploying the AveMariaRAT, PandoraHVNC, and BitRAT malware strains.
Threat actors behind the attack have been sending an initial phishing message purporting to be a trusted payment report that lures recipients into opening the attached Excel document, which has macros that if opened will trigger malware delivery, a Fortinet report revealed.
Researchers also discovered that the malware is being fetched through Visual Basic Application scripts and PowerShell, with the latter being divided into three to facilitate the delivery of the three malware strains.
Attackers could then leverage the malware to allow the theft of user credentials, bank information, and other sensitive data, with BitRAT noted to enable total Windows system takeovers.
However, the report did not elaborate on why the campaign needed to deliver three different malware payloads. Users have been urged to be more vigilant of emails claiming to have valuable attachment-stored data to prevent such attacks.