
New phishing strategies: malware evolves with Google Sites

Sophisticated cyber attack tactics: the use of Google Sites and advanced techniques in latest phishing scheme

Researchers have discovered a malware campaign that uses fake Google Sites pages to spread AZORult, an information-stealing malware. It uses advanced techniques to avoid detection, aiming to steal sensitive data.


Cybersecurity researchers have identified a sophisticated malware campaign that leverages fake Google Sites pages to distribute AZORult, a commercially sold information-stealing malware. In this campaign the malicious payload is encapsulated in a JSON file hosted on an external site. The phishing operation has not been attributed to a specific group, but it is notable for its wide reach and its goal of collecting sensitive data to sell on dark web forums.

Features and distribution techniques of AZORult

AZORult, also known as PuffStealer and Ruzalto, is an information-stealing tool that first appeared in 2016. It is typically spread via phishing, infected installers for pirated software or media, and malvertising. Once installed, it can steal credentials, cookies, browser history, screenshots and documents with specific extensions, as well as data from 137 cryptocurrency wallets. Its evasion techniques include reflective code loading, which minimizes the traces left on disk and sidesteps disk-based detection.

HTML smuggling as a vehicle for malware

The campaign uses HTML smuggling, a tactic that abuses legitimate HTML5 and JavaScript functionality to assemble and launch malware on the client side by "smuggling" an encoded malicious script inside the page. When a user is tricked into opening the page via a phishing email, the browser decodes the script and writes the payload to the victim's device, evading security controls that only inspect email attachments and never see a file cross the network boundary.
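Because the payload is built inside the browser, the artefact worth inspecting is the HTML itself. The following heuristic scanner is an added example written for this article, not code from the researchers or from the campaign; it looks for the building blocks HTML smuggling depends on (a large inline base64 literal, atob decoding, a Blob, an object URL and a programmatic download) and scores them. The indicator names, weights, threshold and the two sample pages are this example's own constructions.

```python
"""Heuristic scanner for HTML smuggling indicators (added example).

HTML smuggling pages typically carry a large base64 string plus JavaScript
that decodes it, wraps it in a Blob, creates an object URL and triggers a
download. None of these is malicious alone; the combination is the signal.
"""
import base64
import re

# Indicator name -> (regex, weight). Names and weights are constructed here.
INDICATORS = {
    "base64_decode": (re.compile(r"\batob\s*\("), 2),
    "blob_constructor": (re.compile(r"new\s+Blob\s*\("), 2),
    "object_url": (re.compile(r"URL\.createObjectURL\s*\("), 2),
    "download_attr": (re.compile(r"\.download\s*=|\bdownload\s*="), 1),
    "programmatic_click": (re.compile(r"\.click\s*\("), 1),
    "ms_save_blob": (re.compile(r"msSaveOrOpenBlob\s*\("), 2),
}

# A quoted literal of at least 64 base64 characters, optionally padded.
BASE64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{64,}={0,2})['\"]")


def find_base64_payloads(html: str):
    """Return (decoded_length, first_four_bytes) for each large, valid
    base64 literal embedded in the document."""
    found = []
    for match in BASE64_LITERAL.finditer(html):
        try:
            data = base64.b64decode(match.group(1), validate=True)
        except ValueError:
            continue  # not real base64 (e.g. a long identifier)
        found.append((len(data), data[:4]))
    return found


def score_html(html: str):
    """Return (score, matched_indicator_names, payloads).

    Each matched indicator adds its weight; an embedded payload adds 3."""
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(html)]
    score = sum(INDICATORS[name][1] for name in hits)
    payloads = find_base64_payloads(html)
    if payloads:
        score += 3
    return score, hits, payloads


def is_suspicious(html: str, threshold: int = 6) -> bool:
    """Flag a page only when the decode/download chain is present AND an
    inline payload exists; atob() alone is common in benign pages."""
    score, _, payloads = score_html(html)
    return score >= threshold and bool(payloads)


# Constructed test fixtures. The "payload" is harmless text so the sample
# page exercises the detector without carrying anything executable.
SAMPLE_PAYLOAD = b"Harmless constructed sample text used only to exercise the detector. " * 2
SAMPLE_B64 = base64.b64encode(SAMPLE_PAYLOAD).decode()

SAMPLE_SMUGGLING_PAGE = (
    "<html><body><script>"
    'var b64 = "' + SAMPLE_B64 + '";'
    "var bytes = Uint8Array.from(atob(b64), function (c) { return c.charCodeAt(0); });"
    'var blob = new Blob([bytes], {type: "application/octet-stream"});'
    'var a = document.createElement("a");'
    "a.href = URL.createObjectURL(blob);"
    'a.download = "sample.txt";'
    "a.click();"
    "</script></body></html>"
)

# Benign control: decodes a short base64 config string, no download chain.
BENIGN_PAGE = (
    "<html><body><script>"
    'var cfg = JSON.parse(atob("eyJ0aGVtZSI6ImRhcmsifQ=="));'
    "</script></body></html>"
)

if __name__ == "__main__":
    for label, page in (("smuggling", SAMPLE_SMUGGLING_PAGE), ("benign", BENIGN_PAGE)):
        score, hits, payloads = score_html(page)
        print(label, score, hits, payloads, is_suspicious(page))
```

The threshold deliberately requires both a decode-and-download chain and a sizeable inline blob, because `atob()` on its own appears in plenty of legitimate front-end code. The same heuristics apply unchanged to SVG files, which can also carry `<script>` elements, so a mail gateway or sandbox can run this check over both attachment types before the browser ever renders them.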

Emerging trends and recent case studies

This tactic also places a CAPTCHA in front of the page to add a veneer of legitimacy and to shield it from automated URL scanners. Recent findings highlight the use of malicious SVG files to spread other malware families, such as Agent Tesla and XWorm, with the help of open-source tools that automate the creation of malicious HTML or SVG files. Phishing campaigns have also been observed using LNK files inside archives to propagate LokiBot, a malware similar to AZORult in its data collection capabilities.


03/18/2024 13:06

Marco Verro
