Microsoft shares details of malware attack on aerospace, travel sector

Microsoft has recently uncovered a spear-phishing campaign targeting aerospace and travel organizations and warns that it deploys multiple remote access trojans (RATs) using a new and stealthy malware loader.
The attackers send phishing emails that spoof legitimate organizations and use images to lure the targeted companies into opening what appear to be PDF documents containing information related to several industry sectors, including aviation, travel, and cargo.
As Microsoft noted, the campaign's apparent end goal is to harvest and exfiltrate data from infected devices using the RATs’ remote control, keylogging, and password-stealing capabilities.
Once deployed, the malware allows attackers to “steal credentials, screenshots and webcam data, browser and clipboard data, system and network information, and exfiltrate data often via SMTP Port 587.”
Malicious email (Image provided by Microsoft)
What sets this campaign apart from those observed in the past is the RAT loader it employs, which is designed to bypass detection.
The newly discovered loader, monetized under a Crypter-as-a-Service model and named Snip3 by Morphisec malware analysts, is used to drop Revenge RAT, AsyncRAT, Agent Tesla, and NetWire RAT payloads on compromised systems.
Links embedded in the phishing messages abuse legitimate web services to download the first-stage VBScript (VBS) files, which execute a second-stage PowerShell script that in turn executes the final RAT payload using process hollowing.
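For defenders, the chain described above can be hunted in endpoint telemetry. The following is an added example, not code from Microsoft or Morphisec: it flags a VBS script host spawning PowerShell and any SMTP port 587 connection from that process tree or from a non-mail process. The event field names, the `legit_app.exe` stand-in, the mail-client allow-list and all sample events are assumptions constructed for illustration.

```python
# Added example: constructed telemetry; field names are assumptions, not a real EDR schema.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}      # Windows hosts that run .vbs files
POWERSHELL = {"powershell.exe", "pwsh.exe"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allow-list for port 587

SAMPLE_EVENTS = [  # constructed events for a single host
    {"ts": 1, "type": "process", "host": "WS01", "pid": 100, "ppid": 4,
     "image": "explorer.exe", "cmd": "explorer.exe"},
    {"ts": 2, "type": "process", "host": "WS01", "pid": 200, "ppid": 100,
     "image": "wscript.exe", "cmd": "wscript.exe C:\\Users\\a\\Downloads\\doc.vbs"},
    {"ts": 3, "type": "process", "host": "WS01", "pid": 300, "ppid": 200,
     "image": "powershell.exe", "cmd": "powershell.exe -File stage2.ps1"},
    {"ts": 4, "type": "process", "host": "WS01", "pid": 400, "ppid": 300,
     "image": "legit_app.exe", "cmd": "legit_app.exe"},  # stand-in hollowing target
    {"ts": 5, "type": "network", "host": "WS01", "pid": 400, "dport": 587},
    {"ts": 6, "type": "process", "host": "WS01", "pid": 500, "ppid": 100,
     "image": "outlook.exe", "cmd": "outlook.exe"},
    {"ts": 7, "type": "network", "host": "WS01", "pid": 500, "dport": 587},
]

def detect(events):
    """Return (rule, host, pid) alerts for the VBS -> PowerShell -> SMTP 587 chain."""
    procs, staged, alerts = {}, set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key, pkey = (ev["host"], ev["pid"]), (ev["host"], ev.get("ppid"))
        if ev["type"] == "process":
            procs[key] = ev
            parent = procs.get(pkey)
            if (parent and parent["image"].lower() in SCRIPT_HOSTS
                    and ".vbs" in parent["cmd"].lower()
                    and ev["image"].lower() in POWERSHELL):
                alerts.append(("vbs_spawned_powershell", *key))
                staged.add(key)
            elif pkey in staged:
                staged.add(key)      # descendants may be hollowed processes
            else:
                staged.discard(key)  # PID reused by an unrelated process
        elif ev["type"] == "network" and ev["dport"] == 587:
            image = procs.get(key, {}).get("image", "").lower()
            if image not in MAIL_CLIENTS:
                rule = ("smtp587_from_staged_chain" if key in staged
                        else "smtp587_from_non_mail_process")
                alerts.append((rule, *key))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Because a hollowed process keeps the image name of a legitimate binary, the second rule keys on process ancestry rather than on the name of the process making the connection.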
If you are an employee responsible for your company’s IT infrastructure, watch out for this campaign, as the malicious emails sent by the cybercriminals look authentic enough to trick recipients into clicking the attachment and infecting their system with malware.

Author: wpadmin