Cyble Research and Intelligence Lab recently unearthed an elaborate, multi-stage malware attack targeting not only job seekers but also digital marketing professionals. The hackers are a Vietnamese threat actor who was utilising different sophisticated attacks on systems by making use of a Quasar RAT tool that gives a hacker complete control of an infected computer.
Phishing emails and LNK files as entry points
The attack initiates with phishing emails claiming an attached archive file. Inside the archive is a malicious LNK, disguised as a PDF. Once the LNK is launched, it executes PowerShell commands, which download additional malicious scripts from a third-party source, thus avoiding most detection solutions. The method proves very potent in non-virtualized environments in which malware remains undiscovered inside the system.
Quasar RAT Deployment
Then, the attackers decrypt the malware payload with hardcoded keys. Quasar RAT – a kind of RAT allowing hackers to obtain total access over the compromised system – is started up. Data can be stolen, other malware can be planted, and even the infected device can be used remotely by the attackers.
The campaign targets digital marketers primarily in the United States, using Meta (Facebook, Instagram) advertisements. The malware files utilised in the
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.