Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.
  • Residence:
  • County:
  • Country:
Cyber Security Incident Response
Management & Architecture of Cyber Security Teams
Solutions & Coaching
  • Cyber Security Incident Response
  • Management & Architecture of Cyber Security Teams
  • Solutions
  • Training & Coaching

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

April 15, 2021

Cybercriminals are resorting to go looking engine poisoning methods to lure enterprise professionals into seemingly respectable Google websites that set up a Distant Entry Trojan (RAT) able to finishing up a variety of assaults.

The assault works by leveraging searches for enterprise types akin to invoices, templates, questionnaires, and receipts as a stepping stone towards infiltrating the programs. Customers trying to obtain the alleged doc templates are redirected, with out their data, to a malicious web site that hosts the malware.

password auditor

“As soon as the RAT is on the sufferer’s pc and activated, the menace actors can ship instructions and add further malware to the contaminated system, akin to ransomware, a credential stealer, a banking trojan, or just use the RAT as a foothold into the sufferer’s community,” researchers from eSentire said in a write-up revealed on Tuesday.

The cybersecurity agency mentioned it found over 100,000 distinctive internet pages that comprise widespread enterprise phrases or key phrases akin to template, bill, receipt, questionnaire, and resume, thus permitting the pages to be ranked greater on the search outcomes, and subsequently, rising the chance of success.

password auditor

As soon as a sufferer lands on the attacker-controlled web site and downloads the doc being looked for, it turns into an entry level for extra subtle threats, finally ensuing within the set up of a .NET-based RAT known as SolarMarker (aka Yellow Cockatoo, Jupyter, and Polazert).

In a single case investigated by eSentire, which concerned an worker of a monetary administration firm, the malware executable was disguised as a PDF doc that, when launched, deployed the RAT together with a respectable model of Slim PDF as a decoy.

“One other troubling side of this marketing campaign is that the SolarMarker group has populated a lot of their malicious internet pages with key phrases regarding monetary paperwork,” mentioned Spence Hutchinson, eSentire’s supervisor of menace intelligence.

“A monetary cybercrime group would think about an worker, working within the finance division of an organization, or an worker, working for a monetary group, a excessive worth goal. Sadly, as soon as a RAT is comfortably put in, the potential fraud actions are quite a few.”

Posted in SecurityTags:
Write a comment