The Password Protected File: Added Security or Phishing Attack?
A new phishing campaign is active, and it is a strange one: it offers its victims security! The scam does its damage by attempting a network breach. It spreads through emails carrying a malicious attachment disguised as a password-protected file.
The Password Protected File: The promise of fake security
Security researchers who uncovered this phishing campaign stated that the scam has been active since early January. The email contains a "secure" file that has apparently been locked with a password for your maximum security. The theme of the email varies; sometimes it is about a refund, other times about an online transfer of payments. The password-protected file is branded with a legitimate file security provider’s logo, creating a false atmosphere of security. The password also appears in the phishing email.
After you are prompted for a password and enter it, the protected file enables macros. These macros then start deploying scripts to further the damage. The entire attack runs through PowerShell, Windows’s own command-line shell and scripting environment. The script installs a remote access tool onto your system. The tool is called NetSupport Manager, a widely used, authentic remote access tool that has helped IT managers for a long time.
From there, the attack could branch into two possible modes. It could immediately steal whatever information it can and relay it back to a remote server. Or the malware could lie low and perform data theft in the background. It can monitor your email communication to understand your ‘lingo’ and mailing patterns. It could steal your credentials. With all this data, the hacker could then decide to launch a bigger phishing attack, this time with a more direct, more lucrative payout.
Phishing attacks are ever-evolving. While the mode of operation stays more or less constant, the ruses, subject lines, and mannerisms behind the emails keep changing. In this case, NetSupport Manager is a legitimate tool, which means anti-virus tools won’t flag it.
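Because the remote access tool itself is legitimate, the chain described above (document macro, then PowerShell, then NetSupport Manager) is easier to catch by behaviour than by file signature. The following is an added example, not part of the original article: it assumes process-creation events with Sysmon-style `Image` and `ParentImage` fields, assumes the NetSupport Manager client binary is named client32.exe and that managed installs live under Program Files, and runs on constructed sample events.

```python
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# Assumption: the NetSupport Manager client binary is client32.exe and a managed
# install lives under Program Files; adjust both to your environment.
RAT_BINARIES = {"client32.exe"}
EXPECTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")


def basename(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return ntpath.basename(path).lower()


def evaluate(event):
    """Return the names of the rules that a process-creation event triggers."""
    hits = []
    image, parent = event["Image"], event["ParentImage"]
    # Rule 1: an Office application launching a script host (macro behaviour).
    if basename(parent) in OFFICE_PARENTS and basename(image) in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    # Rule 2: the remote access client running from a non-standard location.
    if basename(image) in RAT_BINARIES and not image.lower().startswith(EXPECTED_PREFIXES):
        hits.append("remote_tool_outside_program_files")
    return hits


# Constructed sample events (not taken from a real incident).
SAMPLE_EVENTS = [
    {"Host": "ws-01", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Host": "ws-01", "Image": r"C:\Users\alice\AppData\Roaming\client32.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Host": "it-07", "Image": r"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"Host": "ws-02", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def triage(events):
    """Map each host to the sorted list of rules that fired on it."""
    alerts = {}
    for ev in events:
        for rule in evaluate(ev):
            alerts.setdefault(ev["Host"], set()).add(rule)
    return {host: sorted(rules) for host, rules in alerts.items()}


if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
```

The IT-managed install on it-07 and the user-launched PowerShell on ws-02 stay quiet; only ws-01, where both steps of the chain appear, is reported.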
At such a time, your best bet for security is to stop the attack at the entry point itself. We are ardent advocates of email security. We believe a strong email security service can stop attacks from spreading into your systems. So, we have reworked and refined our Email Advanced Threat Protection (ATP) service, which can detect and prevent all modern threats. Our service can fend off phishing attempts, known and unknown malware, BEC attacks, and also spear-phishing attacks.
With modern tools, you get only the latest security.