FIN7 is back at it again this time using their infamous fileless malware to target U.S. restaurants using clever phishing emails designed to look like food orders.
The attacks seek to install a backdoor to steal financial information at will and the attackers appear to have already targeted Chick-Fil-A and Olive Garden locations among other restaurants judging by samples provided by the researchers, according to a June 9 Morphisec Lab blog post.
Researchers spotted the ongoing campaign on June 7 and said the group has incorporated some never-before-seen evasion tactics, which allow it to bypass most signature and behavior based security solutions.
Like previous FIN7 attacks, the threat actors use a malicious Word document to attach phishing emails that are well-tailored to daily operations of the target. However, while previous attacks used PowerShell commands and DNS queries to deliver the next shellcode stage (Meterpreter), in the most recent attack all DNS activity is initiated and executed solely from memory.
“Alarmingly, the detection score on VirusTotal for all of the documents continues to be 0/56 from the time the first documents were uploaded (1.6.2017) up until the date of this publication,” the post said.