Archive files are now the most common file type used to deliver malware – eclipsing Microsoft Office files for the first time – according to HP Wolf Security’s Q3 2022 Quarterly Threat Insights Report.

Forty-four percent of malware was delivered via archive files in the third quarter of 2022, 11 percent more than the previous quarter and far more than the 32 percent delivered through Office files.

The change comes as Microsoft has begun disabling Office macros by default (see Hackers Find Alternatives to Microsoft Office Macros).

The QakBot and IcedID campaigns, the report notes, trick victims with malicious HTML files masquerading as PDF documents. When victims open the files, they’re redirected to fake online document viewers masquerading as Adobe or Google Drive web pages, which tell victims to open an encrypted ZIP file allegedly containing the document. When the victim enters a password provided to them on the web page, the ZIP file then deploys malware on the victim’s PC.

“Archives are easy to encrypt, helping threat actors to conceal malware and evade web proxies, sandboxes, or email scanners,” HP Wolf Security senior malware analyst Alex Holland said in a statement. “This makes attacks difficult to detect, especially when combined with HTML smuggling techniques.”

That’s even more of an issue when the social engineering is well thought out. “What was interesting with the QakBot and IcedID campaigns was the effort put in to creating the fake pages – these campaigns were more convincing than what we’ve seen before, making it hard for people to know what files they can and can’t trust,” Holland said.

“We expect HTML smuggling design variations and brand abuse to accelerate as attackers experiment to find the most effective lures,” the report warns.

A Modular Infection Chain

A separate campaign observed in mid-September uses a modular infection chain that enables attackers to change malicious payloads and introduce new features. The attack starts with an email containing a Microsoft Word attachment – but when the document is opened, it asks for permission to load an embedded Excel spreadsheet.
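
An added example, not from the article or from HP Wolf Security's report: a triage check for the HTML-plus-encrypted-ZIP delivery described above. It scans an HTML attachment for base64 data that decodes to a ZIP archive and reports which members have the encryption flag set, the condition under which a scanner cannot inspect the contents. The function names and the sample attachment are constructed for illustration.

```python
import base64, io, re, zipfile

# Long base64 literals embedded in markup or script (40+ chars, optional padding).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

def encrypted_members(data: bytes) -> list[str]:
    """Names of ZIP members whose general-purpose flag bit 0 (encrypted) is set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]

def triage_html(html: str) -> list[dict]:
    """Report base64 blobs in an HTML attachment that decode to a ZIP archive."""
    findings = []
    for m in B64_RUN.finditer(html):
        run = m.group(0)
        try:
            blob = base64.b64decode(run + "=" * (-len(run) % 4))
        except ValueError:
            continue  # not decodable base64 after all
        if not blob.startswith(b"PK\x03\x04"):  # ZIP local file header magic
            continue
        try:
            enc = encrypted_members(blob)
        except zipfile.BadZipFile:
            enc = None  # ZIP magic present but archive truncated or malformed
        findings.append({"offset": m.start(), "size": len(blob), "encrypted": enc})
    return findings

def constructed_sample(encrypted: bool) -> str:
    """Constructed test input: a harmless one-file ZIP embedded in an HTML page."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set only the "encrypted" flag bit (the data itself stays plaintext):
        # flags sit at offset 6 of the local header and 8 of the central header.
        raw[6] |= 1
        raw[raw.find(b"PK\x01\x02") + 8] |= 1
    b64 = base64.b64encode(bytes(raw)).decode()
    return f'<html><body><script>var d="{b64}";</script></body></html>'

if __name__ == "__main__":
    for f in triage_html(constructed_sample(encrypted=True)):
        verdict = "uninspectable (encrypted)" if f["encrypted"] else "inspectable"
        print(f"embedded ZIP at offset {f['offset']}: {verdict} {f['encrypted']}")
```

A gateway that gets a non-empty `encrypted` list can quarantine or escalate the attachment, since the archive cannot be opened for content scanning.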