Experts at security firm Cofense observed an advanced phishing campaign delivering Quasar RAT via fake resumes.
The use of multiple anti-
The fake resumes distributed in this phishing campaign are password-protected Microsoft Word documents. The samples analyzed by the experts used ‘123’ as
Experts observed that the attackers use a trick to evade detection: the macro was developed to crash analysis tools.
“If an analyst or automated system were then to attempt to analyze the macros using an analysis tool (such as the popular tool ‘
Researchers discovered that parts of the payload URL, along with additional information, are hidden as meta-data for embedded images and objects.
If the macro is successfully executed, it will display a series of images claiming to be loading content while it is repeatedly adding a garbage string to the document contents. This process will cause the system to display an error message while downloading and running a malicious executable in the background.
The last trick the attackers use to avoid detection is to download a Microsoft self-extracting executable; the Quasar RAT is then dropped on the now-compromised system.
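A triage check for the password-protected Word attachments described above, as an added example that is not from Cofense or the original article: it parses the OLE compound file directory and flags containers holding the `EncryptionInfo` and `EncryptedPackage` streams that ECMA-376 encryption uses. It assumes the resumes are OOXML (.docx/.docm) files, which the article does not state; `build_sample` is a hypothetical helper that constructs test input.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
MAX_REGULAR_SECTOR = 0xFFFFFFFA  # values at or above this are markers, not sectors

def cfb_stream_names(data):
    """Return directory entry names of an OLE compound file, or None if not one."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        return None
    size = 1 << struct.unpack_from("<H", data, 30)[0]   # sector size: 512 or 4096
    first_dir = struct.unpack_from("<I", data, 48)[0]
    def read(n):
        return data[(n + 1) * size:(n + 2) * size]
    fat = []
    # The header lists the first 109 FAT sectors; larger files (not handled) chain more.
    for s in struct.unpack_from("<109I", data, 76):
        if s < MAX_REGULAR_SECTOR:
            sec = read(s)
            fat.extend(struct.unpack("<%dI" % (len(sec) // 4), sec[:len(sec) // 4 * 4]))
    names, seen, s = set(), set(), first_dir
    while s < len(fat) and s not in seen:               # walk the directory chain
        seen.add(s)
        sec = read(s)
        for off in range(0, len(sec) - 127, 128):       # 128-byte directory entries
            name_len, kind = struct.unpack_from("<HB", sec, off + 64)
            if kind and 2 <= name_len <= 64:
                names.add(sec[off:off + name_len - 2].decode("utf-16-le", "replace"))
        s = fat[s]
    return names

def is_password_protected_ooxml(data):
    """True when the container holds an encrypted OOXML package (ECMA-376 encryption)."""
    names = cfb_stream_names(data)
    return bool(names) and {"EncryptionInfo", "EncryptedPackage"} <= names

def build_sample(names):
    """Constructed test input: minimal one-FAT-sector compound file with the given streams."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<HH", header, 28, 0xFFFE, 9)      # byte order, sector shift (512 B)
    struct.pack_into("<I", header, 48, 1)               # directory starts at sector 1
    struct.pack_into("<109I", header, 76, 0, *[0xFFFFFFFF] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, 0xFFFFFFFE, *[0xFFFFFFFF] * 126)
    directory = bytearray(512)
    for i, (name, kind) in enumerate([("Root Entry", 5)] + [(n, 2) for n in names]):
        raw = name.encode("utf-16-le")
        directory[i * 128:i * 128 + len(raw)] = raw
        struct.pack_into("<HB", directory, i * 128 + 64, len(raw) + 2, kind)
    return bytes(header) + fat + bytes(directory)
```

Legacy binary .doc files signal encryption differently and are not covered by this check.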
(SecurityAffairs – phishing campaign, hacking)