In a new phishing campaign unearthed by Cofense researchers, the Lampion malware is being distributed massively, with hackers exploiting WeTransfer as part of their campaign.
WeTransfer is an internet-based computer file transfer service that can be utilized free of cost, hence it’s a no-cost way to circumvent security software that may not detect URLs in emails.
The malware authors are sending phishing emails from exploited firm accounts requesting customers to download a “Proof of Payment” document from WeTransfer.
The file sent to the targets is a ZIP archive containing a VBS (Virtual Basic script) file that the user must open in order for the attack to begin. Upon clicking on the file, the script launches a WScript process that manufactures four VBS files with random names. The first is empty, the second has limited functionality, and the third’s sole motive is to launch the fourth script.
According to Cofense re
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: