Every day, millions of spam messages are sent, and although most are harmless advertisements, eventually a malicious file is hidden in one of the messages. To get the recipient to click and open the file that downloads the malware, cybercriminals dress it up to look interesting, useful or important: a working document, a good offer, a gift card with the logo of a well-known company, etc. The scammers have their favorite formats, and in this publication we will discuss the types of files most used this year to hide malware.

ZIP and RAR Files

Cybercriminals love to hide malware in files. For example, they used ZIP files named Love_You0891 (numbers may vary) to distribute the GandCrab ransomware on Valentine's Day. A few weeks later, a group of scammers sent files with the Qbot Trojan, which specializes in data theft. This year, we also witnessed the discovery of a very interesting resource in WinRAR. Apparently, during the creation of a file, you can set a series of commands so that the content is unzipped in the system folder. That is, the files could go to the boot folder and would run on the next reboot. Therefore, we recommend that all WinRAR users update the program immediately to avoid malware.

Microsoft Office files, all Word documents (DOC, DOCX), Excel spreadsheets (XLS, XLSX, XLSM), presentations and templates are also very popular with cybercriminals. These files may contain integrated macros, small programs that run inside the file, which cybercriminals use as scripts to download malware. Typically, these files are intended for employees of companies that work in offices. They are sent in disguise, as contracts, invoices, tax notifications, and management team messages. For example, a banking Trojan known as Ursnif has infected many devices of Italian users by imitating a payment notification. If the victim opened the file and agreed to activate the macro (disabled by default for security reasons), the Trojan was downloaded to the computer.

Many users are aware of the dangers of macros in Microsoft Office documents, but generally not of the traps hidden in PDF files. In fact, this format can be used to create and run JavaScript files. In addition, cybercriminals like to hide malicious links in PDF files. For example, in a spam campaign, scammers encouraged users to visit a "safe" page where they needed to log into their American Express account. Of course, the victims' credentials went directly to the scammers.

IMG and ISO Disk Images

Compared to the previous formats, IMG and ISO files are not used very often for malware attacks, although cybercriminals have recently devoted attention to them. These files (disk images) are basically a virtual copy of a CD, DVD or other type of disk. The scammers used a disk image to send malware. This is the case with the Agent Tesla Trojan, which stole credentials. Inside the image was a malicious executable file that, once executed, activated and installed spyware on the device. In some cases, cybercriminals used two attachments (an ISO and a DOC) to ensure infection.

How to manage potentially dangerous attachments

You do not need to send all messages with attachments or DOCX / PDF documents to the spam folder in order to protect your team from malware and avoid scams.