Attackers Launched a Rapidly Changing Malware which uses .DOC Extension

Attackers Launched a Rapidly Changing Malware which uses .DOC Extension

A new malware has been discovered by security experts, they observed that it is constantly altering its behavioral patterns in an attempt to bypass the email security protection.

As dissemination of malware through email campaigns is becoming common day by day, email security providers are devising new ways to battle and terminate such malicious activities.

However, cybercriminals are employing subtle and sophisticated methods to bypass all the layers of security, which has led to a massive upsurge in successful malware campaigns.

In the aforementioned case, the infected emails are sent to the potential victims, which on being accessed leads to the downloading of a word template with a .doc extension.

Notably, the attack is configured quite differently than most of the attacks which make use of a single pattern with little customizations. In this attack, a number of different email addresses, subject headings, display name spoofs, body content, and URLs are used.

The attackers send the malspam email which entails an infected link which takes the user to a corrupted website that has the malware all set to sneak into the system and infect it.

Referencing from the findings of researchers at the only cloud-native security platform, Greathorn, “Initially, this attack pattern identified  at 12:24pm on Wednesday, February 20th, the attack has (so far) consisted of three distinct waves, each wave corresponding with a different destination URL, one at 12:24pm ET, one 2:05pm ET, and a third at 2:55pm ET, suggesting an attack pattern that anticipated and planned for relatively quick shutdowns of the destination URLs. “

Leave a Reply

Your email address will not be published. Required fields are marked *