New Malware Phishing Attack Targeting 15,000 Inboxes Disguised as a Microsoft OneNote file to Extract Sensitive Info
Armorblox has released its latest research analyzing a malware attack campaign that has been making waves, spreading its infection through a seemingly innocuous attachment disguised as a Microsoft OneNote note-taking app file.
How it works: Victims receive an email that appears to come from a trusted vendor or service provider. The email uses financial language about the completion of a sale and prompts recipients to open the attached OneNote file, where the billing expenses can be found. The OneNote file contains a Windows Command Script (.cmd) which, when opened, runs an encoded PowerShell command that downloads the Qakbot payload onto the victim’s device to steal sensitive information.
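For defenders, the chain described above (OneNote, then a .cmd script, then encoded PowerShell) can be hunted in process-creation telemetry. The following is an added example, not code from the Armorblox research; the event field names (`pid`, `ppid`, `image`, `cmdline`), the paths and the sample events are assumptions constructed for illustration.

```python
import base64
import re
# PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...) and the alias -ec.
ENC_FLAG = re.compile(r"(?<!\S)-(e[a-z]*)\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand argument, or None if absent or invalid."""
    for m in ENC_FLAG.finditer(cmdline):
        flag = m.group(1).lower()
        if flag != "ec" and not "encodedcommand".startswith(flag):
            continue  # some other parameter, e.g. -ExecutionPolicy
        try:
            return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
        except ValueError:  # bad base64 or not valid UTF-16LE
            return None
    return None

def find_onenote_chains(events):
    """Flag powershell.exe running an encoded command under cmd.exe under ONENOTE.EXE."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["image"].lower().endswith("powershell.exe"):
            continue
        decoded = decode_encoded_command(e["cmdline"])
        if decoded is None:
            continue
        chain, cur, seen = [], e, set()
        while cur and cur["pid"] not in seen:  # walk up the parent links
            seen.add(cur["pid"])
            chain.append(cur["image"].rsplit("\\", 1)[-1].lower())
            cur = by_pid.get(cur["ppid"])
        if "cmd.exe" in chain and "onenote.exe" in chain[chain.index("cmd.exe"):]:
            findings.append({"pid": e["pid"], "chain": chain, "decoded": decoded})
    return findings

# Constructed sample events (assumed fields: pid, ppid, image, cmdline); harmless placeholder command.
_ENC = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Office\ONENOTE.EXE", "cmdline": "ONENOTE.EXE invoice.one"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c sample.cmd"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -enc " + _ENC},
    {"pid": 400, "ppid": 1, "image": r"C:\Windows\System32\powershell.exe",
     "cmdline": "powershell.exe -File backup.ps1"},
]

if __name__ == "__main__":
    print(find_onenote_chains(EVENTS))
```

Decoding the argument lets an analyst read what the script actually asked PowerShell to do rather than alerting on the flag alone.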
You can read the research here.
This entry was posted on February 28, 2023 at 9:00 am and is filed under Commentary with tags Armorblox. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.