9/5/2023 0 Comments Norton lifelock phishing email![]() ![]() If this is the case, it stops running on the victim’s computer. This is used for persistence and the script plays the role of a backup solution for installing NetSupport Manager.īefore the script continues its operations, it checks to see if an antivirus from either Avast or AVG is installed on the system. ![]() In a new report, the researchers at Palo Alto Networks’ Unit 42 explained that the MSI payload installs without any warnings and adds a PowerShell script in the Windows temp folder. The RAT binary is downloaded and installed onto a user’s machine with help from the ‘msiexec’ command in the Windows Installer service. If the user does input the correct password, the macro continues executing and builds a command string that installs the legitimate remote control software, NetSupport Manager. If the password is incorrect, the malicious action does not continue. Palo Alto Networks’ Unit 42, which discovered the campaign, also found that the password dialog box accepts only a upper or lowercase letter ‘C’. Victims are asked to enable macros and type in a password, provided in the phishing email containing the document, to gain access to it. However, to get users to enable macros, which are disabled by default, the threat actor behind the campaign used a fake password-protected Norton LifeLock document. The infection begins with a Microsoft Word document that contains malicious macros. ![]() The cybercriminals behind a recent phishing campaign used a fake Norton LifeLock document in order to trick victims into installing a remote access trojan ( RAT) on their systems. Hackers employed a clever trick to get users to enable macros in a malicious Word document. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |