AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

New phishing strategies: malware evolves with Google Sites

Sophisticated cyber attack tactics: the use of Google Sites and advanced techniques in latest phishing scheme

Researchers have discovered a malware campaign that uses fake Google Sites pages to spread AZORult, an information-stealing malware. It uses advanced techniques to avoid detection, aiming to steal sensitive data.

This pill is also available in Italian language

Cybersecurity researchers have identified a sophisticated malware campaign that leverages fake Google Sites pages to distribute commercial malware known as AZORult, aimed at stealing information. This particular technique involves the malicious payload being encapsulated in a JSON file hosted on an external site. The orchestrated phishing has not been linked to a specific group, but is recognized for its wide reach and aimed at collecting sensitive data to sell on dark web forums.

Features and distribution techniques of AZORult

AZORult, also identified as PuffStealer and Ruzalto, is an information theft tool that first appeared in 2016. It is typically spread via phishing, contaminated installers of pirated software or media, and malvertising. Once installed, it is capable of stealing credentials, cookies, browser history, screenshots and documents with specific extensions, as well as data from 137 cryptocurrency wallets. Evasion techniques include loads of reflective code, minimizing traces and avoiding disk-based detection.

HTML smuggling as a vehicle for malware

The campaign uses HTML smuggling, a sophisticated tactic that abuses the legitimate functionality of HTML5 and JavaScript to assemble and launch malware, "smuggling" an encoded malicious script. When a user is tricked into opening the scam page via a phishing email, the browser decodes the script and delivers the payload to the victim's device, thus evading standard security checks that only scan suspicious attachments.

Emerging trends and recent case studies

This tactic also takes advantage of a CAPTCHA obstacle to add a veil of legitimacy and protect yourself from URL scanners. Recent findings highlight the use of malicious SVG files to spread other malware families, such as Agent Tesla and XWorm, with the help of open-source programs that facilitate the creation of bootleg HTML or SVG files. Phishing campaigns have also been noted using LNK files within archives to propagate LokiBot, a malware similar to AZORult in its data collection capabilities.

Follow us on Threads for more pills like this

03/18/2024 13:06

Editorial AI

Last pills

Career opportunities in Italian intelligence: entering the heart of securityFind out how to join the intelligence forces and contribute to national security

Hacker attack impacts Microsoft and US federal agenciesNational security implications and strategic responses to credential theft

Implications and repercussions of the serious cyberattack on the Lazio NHSConsequences and punitive measures after the ransomware attack that brought the regional healthcare system to its knees

Telecommunications security: flaw exposes conversations and 2FA to the risk of interceptionRisk of privacy violation through call diversion: measures and industry responses