Alert received September 5th, 2019: a new malware distribution campaign is delivering information-stealing malware. The malware collects information about the victim's system, including running processes, browser history, cookies, downloads, and installed software. It attempts to extract credentials from common web browsers, messengers, and email programs; takes screenshots; and searches for virtual currency wallets.
The campaign distributes the malware in Word documents that usually display an Office 365-like theme. These documents ask the user to "Enable Content"; once the user enables the content, the malware becomes active.
Security recommendations:
1. Double-check the sender of any e-mail containing attachments: hover the mouse over the sender name (which is just a label) and check the sender's actual e-mail address. If you are reading e-mail on a mobile device, start a Forward (but do not send it!) and the real sender address will appear in the forwarded e-mail.
2. Call or otherwise contact the sender if you doubt that he/she really sent the e-mail (their account might have been hacked and used by attackers to spread malware to all contacts found in the compromised account's address book!)
3. Never "Enable Content" for files from untrusted sources!
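The check in recommendation 1 can also be run automatically on a raw message. The following is an added example, not part of the original alert: it compares the sender label with the real address in the From header. The address book, the sample messages and all `.example` addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book (assumption): label -> address already known for that contact.
KNOWN_CONTACTS = {"alice smith": "alice.smith@corp.example"}

# Finds an e-mail address written inside the label text.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Return (label, address, findings) for the From header of a raw message."""
    msg = message_from_string(raw_message)
    # parseaddr splits 'Label <address>' into its two parts.
    # Labels encoded as RFC 2047 encoded-words are not decoded here.
    label, address = parseaddr(str(msg.get("From", "")))
    address = address.lower()
    findings = []
    if not address:
        return label, address, ["no parsable sender address"]
    # Case 1: the label itself displays an address that is not the real one.
    shown = EMAIL_RE.search(label)
    if shown and shown.group(0).lower() != address:
        findings.append("label shows %s, real address is %s" % (shown.group(0), address))
    # Case 2: the label is a known contact's name, but the address is not theirs.
    expected = contacts.get(label.strip().lower())
    if expected and expected.lower() != address:
        findings.append("known contact expected at %s, real address is %s" % (expected, address))
    return label, address, findings


# Constructed sample messages (not taken from the campaign).
SAMPLES = [
    'From: "noreply@office365.example" <billing@mail-relay.example>\nSubject: Invoice\n\nbody',
    "From: Alice Smith <alice.smith@freemail.example>\nSubject: Document\n\nbody",
    "From: Alice Smith <alice.smith@corp.example>\nSubject: Minutes\n\nbody",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        label, address, findings = check_sender(raw)
        print("%-28s %-30s %s" % (label, address, "; ".join(findings) or "ok"))
```

A message sent from a genuinely compromised account passes both checks, which is why recommendation 2 still applies.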