
New phishing strategies: malware evolves with Google Sites

Sophisticated cyber attack tactics: the use of Google Sites and advanced techniques in latest phishing scheme

Researchers have discovered a malware campaign that uses fake Google Sites pages to spread AZORult, an information-stealing malware. It uses advanced techniques to avoid detection, aiming to steal sensitive data.


Cybersecurity researchers have identified a sophisticated malware campaign that leverages fake Google Sites pages to distribute AZORult, a commercially sold information-stealing malware. In this variant the malicious payload is encapsulated in a JSON file hosted on an external site. The phishing operation has not been attributed to a specific group, but it is notable for its wide reach and its goal of collecting sensitive data for sale on dark web forums.

Features and distribution techniques of AZORult

AZORult, also identified as PuffStealer and Ruzalto, is an information-stealing tool that first appeared in 2016. It is typically spread via phishing, infected installers of pirated software or media, and malvertising. Once installed, it can steal credentials, cookies, browser history, screenshots and documents with specific extensions, as well as data from 137 cryptocurrency wallets. Its evasion techniques include reflective code loading, which minimizes traces on the host and avoids disk-based detection.

HTML smuggling as a vehicle for malware

The campaign uses HTML smuggling, a sophisticated tactic that abuses legitimate HTML5 and JavaScript features to assemble and launch malware on the client side, "smuggling" an encoded malicious script inside the page itself. When a user is tricked into opening the scam page via a phishing email, the browser decodes the script and drops the payload on the victim's device, bypassing security controls that only inspect suspicious attachments.

Emerging trends and recent case studies

This tactic also places a CAPTCHA in front of the page to add a veneer of legitimacy and to shield the content from URL scanners. Recent findings highlight the use of malicious SVG files to spread other malware families, such as Agent Tesla and XWorm, with the help of open-source programs that generate such malicious HTML or SVG files. Phishing campaigns have also been observed using LNK files inside archives to propagate LokiBot, a malware similar to AZORult in its data collection capabilities.
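The two sections above describe the same delivery pattern in two containers: an HTML page (or an SVG file, which can also carry a script element) that decodes an embedded string in the browser, wraps it in a Blob and forces a download. A defender can score files on that combination of behaviours before they reach a user. The following detector is an added example written for this article, not code from the researchers or from any product; the indicator list, the weights and the threshold are assumptions chosen for illustration, and the three sample documents are constructed inline (the "payload" is a filler string, not real malware).

```python
import re
from typing import Dict, List

# Heuristic indicators of HTML smuggling in an HTML or SVG document.
# Each entry is (compiled regex, weight); the weights are assumptions for this example.
INDICATORS = {
    "base64_decode":     (re.compile(r"\batob\s*\(|TextDecoder|charCodeAt", re.I), 2),
    "blob_construction": (re.compile(r"new\s+Blob\s*\(|msSaveOrOpenBlob", re.I), 3),
    "object_url":        (re.compile(r"URL\.createObjectURL\s*\(", re.I), 3),
    "forced_download":   (re.compile(r"\.download\s*=|setAttribute\s*\(\s*[\"']download[\"']", re.I), 2),
    "auto_click":        (re.compile(r"\.click\s*\(\s*\)", re.I), 1),
    "large_literal":     (re.compile(r"[\"'][A-Za-z0-9+/=]{200,}[\"']"), 2),
    "script_in_svg":     (re.compile(r"<svg[^>]*>.*?<script", re.I | re.S), 3),
}


def score_document(text: str) -> Dict[str, int]:
    """Return the indicators matched in `text`, mapped to their weights."""
    hits: Dict[str, int] = {}
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(text):
            hits[name] = weight
    return hits


def total_score(text: str) -> int:
    """Sum the weights of all matched indicators."""
    return sum(score_document(text).values())


def is_suspected_smuggling(text: str, threshold: int = 6) -> bool:
    """Flag a document when the combined indicator weight reaches the threshold.

    A single indicator (e.g. atob or a Blob) is common in legitimate web apps, so
    the score only trips when several co-occur. The threshold is an assumption.
    """
    return total_score(text) >= threshold


def scan_files(files: Dict[str, str], threshold: int = 6) -> List[str]:
    """Return the names of HTML/SVG files whose indicator score reaches the threshold."""
    flagged: List[str] = []
    for name, content in files.items():
        if not name.lower().endswith((".html", ".htm", ".svg")):
            continue  # only page-like containers are scored by this heuristic
        if is_suspected_smuggling(content, threshold):
            flagged.append(name)
    return flagged


# --- constructed samples (not real campaign artifacts) ---------------------
PAYLOAD_B64 = "QUJD" * 64  # filler: base64 of "ABC" repeated, 256 characters

# A CAPTCHA-style lure page that decodes and drops an embedded blob.
SAMPLE_SMUGGLING_HTML = f"""
<html><body>
<p>Please verify you are human to view the document.</p>
<script>
  var data = "{PAYLOAD_B64}";
  var bytes = Uint8Array.from(atob(data), function (c) {{ return c.charCodeAt(0); }});
  var blob = new Blob([bytes], {{type: "application/octet-stream"}});
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "invoice.pdf.lnk";
  a.click();
</script>
</body></html>
"""

# An ordinary page: a plain link plus a script that only edits text.
SAMPLE_BENIGN_HTML = """
<html><body>
<h1>Quarterly report</h1>
<a href="https://example.com/report.pdf">Open the report</a>
<script>
  document.querySelector("h1").textContent = "Quarterly report (updated)";
</script>
</body></html>
"""

# The same drop logic carried in an SVG file, as in the Agent Tesla/XWorm cases.
SAMPLE_SVG = f"""
<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
  <script type="text/javascript"><![CDATA[
    var blob = new Blob([Uint8Array.from(atob("{PAYLOAD_B64}"), function (c) {{ return c.charCodeAt(0); }})]);
    var link = document.createElement("a");
    link.href = URL.createObjectURL(blob);
    link.setAttribute("download", "scan.zip");
    link.click();
  ]]></script>
</svg>
"""

if __name__ == "__main__":
    samples = {"lure.html": SAMPLE_SMUGGLING_HTML, "report.html": SAMPLE_BENIGN_HTML, "image.svg": SAMPLE_SVG}
    for fname, body in samples.items():
        print(fname, total_score(body), sorted(score_document(body)))
    print("flagged:", scan_files(samples))
```

The heuristic is deliberately additive: any one of these calls is normal in a web application, so the detector only reacts when decoding, Blob creation, object-URL generation and a forced download appear together, which is the whole point of the technique. It is suited to mail-gateway or proxy inspection of HTML and SVG attachments and links; it does not execute the script, so obfuscation that hides the call names would need a second, dynamic stage.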


03/18/2024 13:06

Editorial AI
