The attack uses a familiar delivery routine: the criminals send fraudulent emails, posing as business contacts or customers asking for information, with an attachment that downloads the malware. The attachment abuses the way Windows displays file names. By default, Explorer hides the extension of known file types, and it hides only the final one, so a file named TEXT.txt.js is shown as TEXT.txt and the user may take it for an ordinary text document rather than a JavaScript file that Windows will execute on double-click.
According to the HP threat research team, which issued the alert, the technique has already been seen in association with eight different malware families. In 89% of the executions observed, security software and routines neither detected nor, more importantly, blocked the malicious behaviour.
In the researchers' view, the .js format is uncommon as an email attachment, which lets it slip past traditional checks. The criminals are also betting on misconfigured corporate email services: gateways can be configured to block attachments with executable or script extensions automatically, but few organisations actually do so. From the user's point of view, a message that has arrived in the inbox appears to have passed verification and is therefore assumed to be safe.
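The two weaknesses described above (Windows hiding the final extension, and mail gateways not rejecting script attachments) can both be checked with a simple attachment policy. The following is an added example written for this article, not code from HP or any mail product; the extension lists are illustrative assumptions, and the sample attachment names are constructed. It simulates what Explorer would display for each name and flags any attachment whose real extension is a script or executable, with a specific reason when a benign-looking inner extension is used to disguise it.

```python
"""Attachment policy check for the TEXT.txt.js trick.

Added example (not from the HP report). Flags attachments whose final
extension is a script/executable type and calls out "double extensions"
that rely on Windows hiding the last extension. Extension sets below are
illustrative assumptions, not an authoritative list.
"""
import os
from dataclasses import dataclass
from typing import Iterable, List

# Extensions that the Windows shell or Windows Script Host will run directly.
# Assumption: illustrative subset only; a real gateway should use a vetted list.
SCRIPT_EXTENSIONS = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
    ".ps1", ".bat", ".cmd", ".exe", ".scr", ".lnk",
}

# Extensions a recipient would reasonably expect to be harmless documents.
BENIGN_DOC_EXTENSIONS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


@dataclass
class Verdict:
    filename: str
    shown_as: str   # what Explorer displays with "Hide extensions for known file types" on
    blocked: bool
    reason: str


def displayed_name(filename: str) -> str:
    """Simulate Explorer's default behaviour: only the final extension is hidden,
    so 'TEXT.txt.js' is displayed as 'TEXT.txt'."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def check_attachment(filename: str) -> Verdict:
    """Decide whether an attachment name should be blocked at the gateway."""
    lowered = filename.strip().lower()          # case-insensitive: .JS == .js
    stem, ext = os.path.splitext(lowered)
    shown = displayed_name(filename)
    if ext in SCRIPT_EXTENSIONS:
        inner = os.path.splitext(stem)[1]       # the extension the user will see
        if inner in BENIGN_DOC_EXTENSIONS:
            return Verdict(filename, shown, True,
                           f"double extension: displayed as {inner} but executes as {ext}")
        return Verdict(filename, shown, True, f"script/executable extension {ext}")
    return Verdict(filename, shown, False, "allowed")


def filter_attachments(names: Iterable[str]) -> List[Verdict]:
    return [check_attachment(n) for n in names]


if __name__ == "__main__":
    # Constructed sample attachment names, including the case from the article.
    sample = ["TEXT.txt.js", "invoice.pdf", "Order_details.PDF.JS", "setup.exe", "notes.txt"]
    for v in filter_attachments(sample):
        print(f"{v.filename:22} shown as {v.shown_as:18} blocked={v.blocked}  {v.reason}")
```

In a real deployment the same check belongs on the mail gateway, where it is applied before the user ever sees the misleading name; the `displayed_name` helper is there only to make the Explorer behaviour visible when you run the script.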
The HP report covers attacks observed over the past three months, with several malware families deployed by a number of different gangs. Most of the campaigns aim at stealing credentials or logging keystrokes, and the predominantly corporate targets suggest that this may be only an initial step towards selling the stolen data or carrying out ransomware attacks.