
PDF Phishing Leads to Nanocore RAT, Targets French Nationals


Malware developers use a variety of distribution methods to confuse users and evade certain AV solutions. Recently, FortiGuard Labs found a phishing campaign targeting French nationals. In this campaign, a PDF file with embedded JavaScript is used to download the payload from a Google Drive shared link. As it turns out, the downloaded file is an HTA (HTML Application) file, a format that is becoming more and more common as a malware launch point. It is usually used as a downloader for the actual binary payload. However, in this campaign, the binary payload, which was later found to be a NanoCore RAT client, is actually embedded in the obfuscated HTA. This way, the HTA effectively serves as a wrapper to try to slip past traditional file type-based scanning in the network as well as anti-spam services.
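For defenders triaging PDF attachments of the kind described above, the following added example (not code from FortiGuard Labs or from the original article) counts script-related PDF keys, including hex-escaped names, and extracts URLs hidden inside Flate-compressed streams. The sample PDF fragment, its URL and all function names are constructed for illustration.

```python
import re
import zlib

# PDF dictionary keys that carry or auto-trigger script/actions.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")
NAME_RE = re.compile(rb"/[^\s/<>\[\]()%]+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
URL_RE = re.compile(rb"https?://[^\s\"'<>)\\]+")


def decode_name(name: bytes) -> bytes:
    """Undo #xx hex escapes so /J#61vaScript is read as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), name)


def inflate_streams(data: bytes) -> list:
    """Return stream bodies, inflated when they are Flate (zlib) data."""
    bodies = []
    for match in STREAM_RE.finditer(data):
        raw = match.group(1)
        try:
            # decompressobj ignores the end-of-line left after the data
            bodies.append(zlib.decompressobj().decompress(raw))
        except zlib.error:
            bodies.append(raw)  # other filter or no filter: keep as-is
    return bodies


def triage_pdf(data: bytes) -> dict:
    """Count active-content keys and collect URLs, looking inside streams."""
    structure = STREAM_RE.sub(b"", data)  # ignore binary stream bytes
    names = [decode_name(n) for n in NAME_RE.findall(structure)]
    keys = {k.decode(): names.count(k) for k in ACTIVE_KEYS if k in names}
    urls = set()
    for blob in [data, *inflate_streams(data)]:
        urls.update(u.decode("latin-1") for u in URL_RE.findall(blob))
    has_script = "/JS" in keys or "/JavaScript" in keys
    return {"active_keys": keys, "urls": sorted(urls), "script": has_script}


def build_sample() -> bytes:
    """Constructed test PDF fragment (not from the campaign)."""
    js = zlib.compress(b"var u = 'https://files.example.invalid/doc';")
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\n"
            b"endobj\n2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + js +
            b"\nendstream\nendobj\n%%EOF\n")
```

A PDF that combines `/OpenAction` with `/JS` and an external URL is a reasonable candidate for sandboxing or quarantine before delivery.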

Kill Chain Analysis

Fig. 1 Kill Chain

In this spam email campaign, threat actors bait French-speaking users into opening a PDF attachment through a fake bank loan...(continued)
