
New Phishing Scam: Hackers Exploit Excel Vulnerability to Distribute Remcos RAT Malware

A hacking method that uses a file that looks like an Excel file has started to spread. The researchers' technical analysis confirmed that the hackers sent phishing emails with the subject “order”.

The Microsoft Excel file attached to the email is designed to exploit a remote code execution vulnerability (CVE-2017-0199) in Office.

When triggered, the file downloads an HTML Application (HTA) file from a remote server and runs it through mshta.exe.

The downloaded HTA file installs a second piece of malware from the same server and runs anti-analysis and anti-debugging routines. After these steps, Remcos RAT is installed and running.
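Defenders can look for the mshta.exe step of this chain in process-creation telemetry. The following is an added example, not code from the researchers: it assumes records with Sysmon-style Image, ParentImage and CommandLine fields, an assumed list of Office parent processes, and that COM-activated mshta.exe carries an -Embedding argument; the sample events are constructed.

```python
import ntpath
import re

# Assumed list of Office applications whose child processes deserve scrutiny.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
REMOTE_URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# Assumption: mshta.exe started through COM activation has an -Embedding argument.
COM_ACTIVATION = re.compile(r"(?<!\S)[-/]embedding\b", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path, tolerant of surrounding quotes."""
    return ntpath.basename(path.strip().strip('"')).lower()


def flag_mshta_launches(events):
    """Return (event, reasons) for every mshta.exe start that fits the chain."""
    findings = []
    for ev in events:
        if basename(ev.get("Image", "")) != "mshta.exe":
            continue
        cmd = ev.get("CommandLine", "")
        reasons = []
        if basename(ev.get("ParentImage", "")) in OFFICE_PARENTS:
            reasons.append("office-parent")
        if REMOTE_URL.search(cmd):
            reasons.append("remote-url")
        if COM_ACTIVATION.search(cmd):
            reasons.append("com-activation")
        if reasons:  # a locally launched .hta with no other signal is not flagged
            findings.append((ev, reasons))
    return findings


# Constructed sample records; hosts and paths are placeholders, not campaign data.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": "mshta.exe http://files.example.test/order.hta"},
    {"Image": r"C:\Windows\SysWOW64\mshta.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\SysWOW64\mshta.exe -Embedding"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"mshta.exe C:\Tools\inventory.hta"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for ev, reasons in flag_mshta_launches(SAMPLE_EVENTS):
        print(ev["CommandLine"], "->", ", ".join(reasons))
```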

NOT ORIGINALLY ON THE MALWARE LIST

Remcos was not originally considered malware, but was developed as legitimate commercial software for remote administration tasks. However, like Cobalt Strike, it has been misused by cybercriminals and is now more commonly associated with unauthorized access, data theft and espionage purposes.

The new version used by the hackers is loaded directly into the device’s memory. “Instead of saving and running the Remcos file as a local file, it places it directly in the memory of the current process,” officials explained.

2024-11-12 10:44:00