AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

New phishing strategies: malware evolves with Google Sites

Sophisticated cyber attack tactics: the use of Google Sites and advanced techniques in latest phishing scheme

Researchers have discovered a malware campaign that uses fake Google Sites pages to spread AZORult, an information-stealing malware. It uses advanced techniques to avoid detection, aiming to steal sensitive data.

This pill is also available in Italian language

Cybersecurity researchers have identified a sophisticated malware campaign that leverages fake Google Sites pages to distribute commercial malware known as AZORult, aimed at stealing information. This particular technique involves the malicious payload being encapsulated in a JSON file hosted on an external site. The orchestrated phishing has not been linked to a specific group, but is recognized for its wide reach and aimed at collecting sensitive data to sell on dark web forums.

Features and distribution techniques of AZORult

AZORult, also identified as PuffStealer and Ruzalto, is an information theft tool that first appeared in 2016. It is typically spread via phishing, contaminated installers of pirated software or media, and malvertising. Once installed, it is capable of stealing credentials, cookies, browser history, screenshots and documents with specific extensions, as well as data from 137 cryptocurrency wallets. Evasion techniques include loads of reflective code, minimizing traces and avoiding disk-based detection.

HTML smuggling as a vehicle for malware

The campaign uses HTML smuggling, a sophisticated tactic that abuses the legitimate functionality of HTML5 and JavaScript to assemble and launch malware, "smuggling" an encoded malicious script. When a user is tricked into opening the scam page via a phishing email, the browser decodes the script and delivers the payload to the victim's device, thus evading standard security checks that only scan suspicious attachments.

Emerging trends and recent case studies

This tactic also takes advantage of a CAPTCHA obstacle to add a veil of legitimacy and protect yourself from URL scanners. Recent findings highlight the use of malicious SVG files to spread other malware families, such as Agent Tesla and XWorm, with the help of open-source programs that facilitate the creation of bootleg HTML or SVG files. Phishing campaigns have also been noted using LNK files within archives to propagate LokiBot, a malware similar to AZORult in its data collection capabilities.

Follow us on Instagram for more pills like this

03/18/2024 13:06

Marco Verro

Last pills

Data breach: Fortinet faces new hack, 440GB of stolen informationFortinet under attack: hackers breach security and make information public. discover the details and the consequences for the privacy of involved users

Shocking cyber espionage discoveries: nation-state threatsHow state-of-state cyberwarfare is changing the game in the tech industry: Details and analysis of recent attacks

A new era for Flipper Zero with firmware 1.0Discover the revolutionary features of Flipper Zero firmware 1.0: performance improvements, JavaScript, and enhanced connectivity

EUCLEAK, the vulnerability that allows cloning of YubiKey FIDO sticksLearn how the EUCLEAK vulnerability puts your cryptographic keys at risk