Tech News #9

FreeMilk | New Phishing campaign by Hackers | Hijack Emails & Deploy Malware





Palo Alto Networks Unit 42 identified a limited spear phishing campaign targeting various individuals across the world. They said, "The spear phishing campaign has a limited but wide range of targets in different regions."
         
Security researchers have discovered a clever new targeted spear-phishing campaign in which hackers interrupt ongoing email conversations between individuals and hijack them to deploy malware.

Palo Alto Networks Unit 42 researchers said the sophisticated campaign, called FreeMilk, uses the CVE-2017-0199 Microsoft Word Office or WordPad Remote Code Execution Vulnerability with carefully crafted decoy content customised for each target recipient. According to their research, the spear phishing emails came from multiple compromised email accounts tied to a legitimate domain in North East Asia.

In this attack, threat actors hijack a legitimate, ongoing conversation between two recipients and pose as one of the legitimate senders to send malicious spear phishing emails to the other. After successful exploitation, the malicious document delivers two malware payloads, PoohMilk and Freenki, which infect the targeted system. PoohMilk's main goal is to run the Freenki downloader on the system, while Freenki collects host information and serves as a second-stage downloader.


After that, the malware collects the host's MAC address, username, computer name and running processes. Freenki is also able to take screenshots of the infected system and send them to a command server for the threat actors to exploit, and to download additional malicious software onto the system.

The targeted victims identified in this campaign include a bank based in the Middle East, trademark and intellectual property service companies based in Europe, an international sporting organisation, and individuals with indirect ties to a country in North East Asia.










Story/News collected from - https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/
Picture collected from - https://www.gohacking.com/wp-content/uploads/2015/02/learn-how-to-hack-735x400.jpg
