As per reports, the infamous malware outbreak "Emotet" is now being spread via malicious Windows App Installer packages posing as Adobe PDF applications. Emotet is malware that spreads through phishing emails and malicious attachments, harvests victims' emails, and distributes other malware such as TrickBot and Qbot, which usually leads to ransomware attacks.

This new Emotet campaign begins with stolen reply-chain emails that pose as replies to an existing conversation, urging the recipient to "Please see attached" and containing a link to an alleged PDF related to the email conversation. When the user clicks the link, they are redirected to a phony Google Drive website and asked to click a button to preview the PDF document. That button is an ms-appinstaller URL that tries to open an .appinstaller file hosted on Microsoft Azure, using URLs beginning with *.web.core.windows.net.

An .appinstaller file is an XML file that contains information about the signed publisher as well as the URL of the appxbundle to be installed. When you try to access an .appinstaller file, the Windows browser asks whether you want to use the Windows App Installer software to proceed. After you accept, an App Installer window appears asking you to install the "Adobe PDF Component." Once the user hits the "Install" button, App Installer downloads and installs the malicious appxbundle hosted on Microsoft Azure. This appxbundle places a DLL in the %Temp% folder and launches it using rundll32.exe.

Until a law enforcement operation shut down and seized the botnet's infrastructure, Emotet was the most widely disseminated malware. Emotet was reborn ten months later when it began to rebuild with the aid of the TrickBot malware.
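The delivery chain above gives a defender two concrete things to check: the .appinstaller manifest itself (where the bundle is hosted and who signed it) and the end of the chain (rundll32.exe launching a DLL out of %Temp%). The following is an added example, not code from the original article or from any vendor; it assumes the public App Installer manifest layout (an AppInstaller root element with a MainBundle child carrying Name, Publisher and Uri attributes), and the sample manifest, the publisher allow-list and the process-creation events are all constructed for illustration.

```python
"""Triage helpers for the .appinstaller delivery chain described in the article.

Added example, not the article's own code. Element and attribute names follow
the public App Installer manifest format; the sample manifest, the expected
publisher list and the process events below are constructed for illustration.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"ai": "http://schemas.microsoft.com/appx/appinstaller/2017/2"}

# Constructed sample: a manifest pointing at an Azure static-website host,
# shaped the way the campaign is described to deliver its bundle.
SAMPLE_APPINSTALLER = """<?xml version="1.0" encoding="utf-8"?>
<AppInstaller xmlns="http://schemas.microsoft.com/appx/appinstaller/2017/2"
              Version="1.0.0.0"
              Uri="https://example-storage.z13.web.core.windows.net/AdobePDF.appinstaller">
  <MainBundle Name="AdobePDFComponent"
              Publisher="CN=EXAMPLE PUBLISHER, O=EXAMPLE, C=US"
              Version="1.0.0.0"
              Uri="https://example-storage.z13.web.core.windows.net/AdobePDF.appxbundle" />
</AppInstaller>
"""

# Host suffix the article names for the campaign's manifests and bundles.
SUSPICIOUS_HOST_SUFFIXES = (".web.core.windows.net",)
# Illustrative allow-list of publisher CNs an organisation would accept for an
# "Adobe" branded package (an assumption, not an authoritative certificate list).
EXPECTED_PUBLISHER_CN = {"Adobe Inc."}


def triage_appinstaller(xml_text: str) -> list:
    """Return human-readable findings for one .appinstaller manifest."""
    findings = []
    root = ET.fromstring(xml_text)
    bundle = root.find("ai:MainBundle", NS)
    if bundle is None:
        return ["no MainBundle element: manifest is malformed or unusual"]
    name = bundle.get("Name", "")
    publisher = bundle.get("Publisher", "")

    # 1. Where are the manifest and the bundle actually hosted?
    for label, uri in (("manifest", root.get("Uri", "")), ("bundle", bundle.get("Uri", ""))):
        host = urlparse(uri).hostname or ""
        if host.endswith(SUSPICIOUS_HOST_SUFFIXES):
            findings.append(f"{label} hosted on Azure static site: {host}")

    # 2. Does the branding in the package name match the signing publisher?
    cn = next((part.split("=", 1)[1].strip() for part in publisher.split(",")
               if part.strip().upper().startswith("CN=")), "")
    if "adobe" in name.lower() and cn not in EXPECTED_PUBLISHER_CN:
        findings.append(f"package name '{name}' claims Adobe but publisher CN is '{cn}'")
    return findings


# Constructed process-creation events: (parent image, image, command line).
SAMPLE_EVENTS = [
    ("AppInstaller.exe", "rundll32.exe",
     "rundll32.exe C:\\Users\\user\\AppData\\Local\\Temp\\component.dll,DllMain"),
    ("explorer.exe", "rundll32.exe", "rundll32.exe shell32.dll,Control_RunDLL"),
]


def flag_rundll32_from_temp(events) -> list:
    """Return (parent, command line) for rundll32 launches that load a DLL from a temp folder."""
    hits = []
    for parent, image, cmdline in events:
        if image.lower() != "rundll32.exe":
            continue
        low = cmdline.lower().replace("%temp%", "\\appdata\\local\\temp")
        if "\\appdata\\local\\temp\\" in low or "\\windows\\temp\\" in low:
            hits.append((parent, cmdline))
    return hits


if __name__ == "__main__":
    for finding in triage_appinstaller(SAMPLE_APPINSTALLER):
        print("manifest:", finding)
    for parent, cmdline in flag_rundll32_from_temp(SAMPLE_EVENTS):
        print("process:", parent, "->", cmdline)
```

The manifest check is cheap to run on anything a mail or web proxy sees with the .appinstaller extension, and the process check maps directly onto the last step the article describes; in practice the parent image (AppInstaller.exe) is the strongest single signal, so a real rule would weight it above the path match alone.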