According to reports, the infamous Emotet malware is now being spread via malicious Windows App Installer packages posing as Adobe PDF applications. Emotet is malware that spreads through phishing emails and malicious attachments to harvest victims' emails and distribute other malware such as TrickBot and Qbot, which usually leads to ransomware attacks.

This new Emotet campaign begins with stolen reply-chain emails that pose as replies to an existing conversation, urging the recipient to "Please see attached" and containing a link to an alleged PDF related to the email conversation. When the user clicks the link, they are redirected to a phony Google Drive website and asked to click a button to preview the PDF document. That button is an ms-appinstaller URL that tries to open an .appinstaller file hosted on Microsoft Azure, using URLs beginning with *.web.core.windows.net.

An .appinstaller file is an XML file that contains information about the signed publisher as well as the URL of the appxbundle to be installed. When you try to access an .appinstaller file, the Windows browser asks whether you want to use the Windows App Installer software to proceed. After you accept, an App Installer window appears, asking you to install the 'Adobe PDF Component.' Once the user hits the 'Install' button, App Installer downloads and installs the malicious appxbundle hosted on Microsoft Azure. This appxbundle places a DLL in the %Temp% folder and launches it using rundll32.exe.

Until a law enforcement operation shut down and seized the botnet's infrastructure, Emotet was the most widely disseminated malware. Emotet was reborn ten months later when it began to rebuild with the aid of the TrickBot malware.
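The chain described above has three observable stages: an ms-appinstaller: link in the lure, an .appinstaller manifest whose bundle is served from a *.web.core.windows.net host, and rundll32.exe loading a DLL out of %Temp%. The following is an added triage example written for this article, not code from the report or from any vendor; every input is a constructed sample (placeholder storage account, publisher name, DLL name and process events), and the manifest element names follow the public App Installer manifest schema (AppInstaller / MainBundle), which is assumed here rather than taken from the article.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlparse

# All inputs below are constructed samples for this example, not artefacts
# from the campaign. Storage-account, publisher, path and DLL names are placeholders.

SAMPLE_LURE_HTML = """
<p>Please see attached</p>
<a class="btn" href="ms-appinstaller:?source=https://placeholder-acct.web.core.windows.net/pdf/AdobePDF.appinstaller">Preview PDF</a>
<a href="https://intranet.example.test/report.pdf">Open in browser</a>
"""

# Element names follow the public App Installer manifest schema (assumed);
# attribute values are placeholders.
SAMPLE_APPINSTALLER = """<?xml version="1.0" encoding="utf-8"?>
<AppInstaller Uri="https://placeholder-acct.web.core.windows.net/pdf/AdobePDF.appinstaller"
              Version="1.0.0.0"
              xmlns="http://schemas.microsoft.com/appx/appinstaller/2017/2">
  <MainBundle Name="Adobe.PDFComponent"
              Publisher="CN=PLACEHOLDER-PUBLISHER"
              Version="1.0.0.0"
              Uri="https://placeholder-acct.web.core.windows.net/pdf/AdobePDF.appxbundle" />
</AppInstaller>
"""

# Constructed process-creation events: (parent image, child image, command line).
SAMPLE_PROCESS_EVENTS = [
    ("AppInstaller.exe", r"C:\Windows\System32\rundll32.exe",
     r"rundll32.exe C:\Users\alice\AppData\Local\Temp\pdfcomp.dll,DllMain"),
    ("explorer.exe", r"C:\Windows\System32\rundll32.exe",
     r"rundll32.exe shell32.dll,Control_RunDLL"),
]

# Hostname suffix the article associates with the hosted .appinstaller/.appxbundle files.
SUSPICIOUS_HOST_SUFFIXES = (".web.core.windows.net",)


def extract_appinstaller_sources(html):
    """Stage 1: every ms-appinstaller: link in a lure page or email body,
    resolved to the .appinstaller URL it would hand to App Installer."""
    sources = []
    for href in re.findall(r'href="(ms-appinstaller:[^"]*)"', html, re.IGNORECASE):
        query = href.partition("?")[2]          # text after the '?' holds source=<url>
        sources.extend(parse_qs(query).get("source", []))
    return sources


def inspect_appinstaller(xml_text):
    """Stage 2: pull publisher and bundle location out of an .appinstaller
    manifest and flag bundles served from an Azure static-website hostname."""
    root = ET.fromstring(xml_text)
    # The manifest is namespaced; derive the namespace from the root tag.
    ns = root.tag[1:].split("}")[0] if root.tag.startswith("{") else ""
    bundle = root.find(f"{{{ns}}}MainBundle" if ns else "MainBundle")
    if bundle is None:
        raise ValueError("no MainBundle element in manifest")
    bundle_uri = bundle.get("Uri", "")
    host = urlparse(bundle_uri).hostname or ""
    return {
        "name": bundle.get("Name"),
        "publisher": bundle.get("Publisher"),
        "bundle_uri": bundle_uri,
        "suspicious_host": host.endswith(SUSPICIOUS_HOST_SUFFIXES),
    }


def rundll32_from_temp(events):
    """Stage 3: rundll32.exe launching a DLL that lives under a Temp folder.
    Returns (parent image, command line) for each matching event."""
    hits = []
    for parent, image, cmdline in events:
        if image.lower().rsplit("\\", 1)[-1] != "rundll32.exe":
            continue
        if re.search(r"\\temp\\[^\s,]+\.dll", cmdline, re.IGNORECASE):
            hits.append((parent, cmdline))
    return hits


if __name__ == "__main__":
    for src in extract_appinstaller_sources(SAMPLE_LURE_HTML):
        print("ms-appinstaller link resolves to:", src)
    info = inspect_appinstaller(SAMPLE_APPINSTALLER)
    print("manifest:", info)
    for parent, cmdline in rundll32_from_temp(SAMPLE_PROCESS_EVENTS):
        print("rundll32 from Temp, parent", parent, "->", cmdline)
```

Each function covers one stage, so the checks can be wired separately: the link extractor into mail or proxy inspection, the manifest inspector into a detonation or download-scanning pipeline, and the rundll32 check into process-creation telemetry. A *.web.core.windows.net host is a review trigger rather than a verdict, since legitimate static sites live there too; the publisher value is what a reviewer should compare against the brand the package claims to be.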