Threat actors have launched a new phishing campaign that abuses the file-sharing service WeTransfer to distribute the Lampion malware, according to BleepingComputer.
Cofense researchers found that the phishing emails urge recipients to download a "Proof of Payment" document from WeTransfer, which is actually a ZIP archive containing the Visual Basic Script (VBS) file that starts the attack. The VBS file starts a WScript process that creates four scripts: the first is empty, the second has little functionality, and the third only triggers the fourth, the researchers noted.
The report also showed that the fourth script launches a new WScript process, which retrieves two DLL files from password-protected ZIPs.
Lampion is then stealthily executed and begins exfiltrating data and targeting bank accounts, the report added.
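The script chain described above can be hunted for in endpoint telemetry. The following is an added example, not code from Cofense or BleepingComputer: a simplified model that flags a wscript.exe process running a .vbs file that an earlier wscript.exe process wrote, and then flags ZIP or DLL files written by that second process. The event format, paths, PIDs and file names are constructed for illustration.

```python
import ntpath
import re

VBS_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.vbs)', re.IGNORECASE)
TEMP = r"C:\Users\u\AppData\Local\Temp"

# Constructed, simplified telemetry; paths, PIDs and file names are invented.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\u\Downloads\Proof of Payment.vbs"'},
    *[{"type": "file", "pid": 100, "path": TEMP + "\\s%d.vbs" % i} for i in range(1, 5)],
    {"type": "process", "pid": 200, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": "wscript.exe " + TEMP + r"\s4.vbs"},
    {"type": "file", "pid": 200, "path": TEMP + r"\p.zip"},
    {"type": "file", "pid": 200, "path": TEMP + r"\p1.dll"},
    {"type": "file", "pid": 200, "path": TEMP + r"\p2.dll"},
]

def find_script_chains(events):
    """Flag wscript.exe running a .vbs that another wscript.exe wrote,
    then any .zip/.dll files that second-stage process writes."""
    wscript_pids, second_stage, alerts = set(), set(), []
    dropped = {}  # lower-cased .vbs path -> PID of the wscript.exe that wrote it
    for ev in events:
        if ev["type"] == "process":
            if ntpath.basename(ev["image"]).lower() != "wscript.exe":
                continue
            wscript_pids.add(ev["pid"])
            m = VBS_RE.search(ev["cmdline"])
            writer = dropped.get(m.group(1).lower()) if m else None
            if writer is not None:  # script on disk was produced by a script host
                second_stage.add(ev["pid"])
                alerts.append({"stage": "dropped_script_executed", "pid": ev["pid"],
                               "writer_pid": writer,
                               "scripts_written": list(dropped.values()).count(writer)})
        elif ev["type"] == "file" and ev["pid"] in wscript_pids:
            ext = ntpath.splitext(ev["path"])[1].lower()
            if ext == ".vbs":
                dropped[ev["path"].lower()] = ev["pid"]
            elif ext in (".zip", ".dll") and ev["pid"] in second_stage:
                alerts.append({"stage": "payload_written", "pid": ev["pid"],
                               "path": ev["path"]})
    return alerts

if __name__ == "__main__":
    for alert in find_script_chains(SAMPLE_EVENTS):
        print(alert)
```

A wscript.exe process that runs an ordinary script and writes a ZIP produces no alert here, because the rule keys on the script having been written by another script host first.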
A staffer working for Sen. Eric Schmitt, R-Mo., said that Chinese threat actors exfiltrated sixty thousand emails from U.S. State Department accounts during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.
BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.