Attackers leveraged phishing emails carrying a malicious Word attachment that copies the text of Microsoft's support bulletin on its Recovery Tool for outage-hit devices; the document contains macros which, when enabled, download a DLL file.
Further examination of a breached checkout page revealed the inclusion of a suspicious script containing base64-encoded variables and hex strings; the script harvests credit card information, names and addresses from the page via the querySelectorAll function and exfiltrates them.
Chinese state-sponsored hacking group Daggerfly, also known as Evasive Panda and Bronze Highland, has leveraged an updated version of the MACMA macOS malware, as well as the new Nightdoor backdoor, also known as Suzafk and NetMM, in attacks against Taiwanese organizations and a China-based U.S. non-governmental organization.
Intrusions by UAC-0063 involved the initial compromise of an employee's email account to facilitate the delivery of the malware strains, with Cherryspy enabling Python code execution and Hatvibe allowing further compromise.
Elon's Killer Robots, Crowdstrike and More Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet, and more, on this Edition of the Security Weekly News.
Installation of AsyncRAT and BOINC occurs in the final stage of the multi-stage attack, with the latter exfiltrating system information after establishing a connection with a remote server.