ZDNet reports that Microsoft Windows users are being targeted by a new phishing campaign involving a malicious attachment deploying the AveMariaRAT, PandoraHVNC, and BitRAT malware strains.
Threat actors behind the attack have been sending an initial phishing message purporting to be a trusted payment report, luring recipients into opening the attached Excel document, which contains macros that trigger malware delivery once the document is opened, a Fortinet report revealed.
Researchers also discovered that the malware is fetched through Visual Basic for Applications (VBA) scripts and PowerShell, with the PowerShell code divided into three parts to deliver the three malware strains.
Attackers could then use the malware to steal user credentials, bank information, and other sensitive data, with BitRAT noted to enable total Windows system takeovers.
However, the report did not elaborate on why the campaign needed to deliver three different malware payloads. Users have been urged to be more wary of emails claiming that an attachment contains valuable data, to prevent such attacks.
A staffer working for Sen. Eric Schmitt, R-Mo., noted that 60,000 emails from U.S. State Department accounts were exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.
BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.