
Researchers have observed the cybercrime group back in action, now using a new tactic for distributing malware.
Cybercrime group Evil Corp (a.k.a. Dudear) is back in action after a short hiatus, with a malware distribution technique the group has not used before.
Microsoft on Thursday said that it observed emails from the cybercriminal gang using HTML redirectors. Microsoft is unclear whether these HTML redirectors are URLs in the body of the email itself or are embedded in an attachment to the email. Regardless, once clicked, they automatically download a malicious Excel file. Next, if the victim “enables editing” in the Excel file, the final payload is dropped.
“This is the first time that Dudear is observed using HTML redirectors,” according to a tweet by the Microsoft Security Intelligence research team, which also released indicators of compromise (IoCs) for the attack. “The attackers use HTML files in different languages. Notably, they also use an IP trace-back service to track the IP addresses of machines that download the malicious Excel file.”
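The chain described above starts with an HTML file that sends the browser to an Excel download with no further interaction. As an added example (not from Microsoft or the original article), this Python triage function lists the automatic redirects in an HTML attachment; the redirect styles it checks (meta refresh and script-assigned `location`), the extension list and the `example.test` sample are assumptions, since the page does not say how the redirectors are built.

```python
import re
from html.parser import HTMLParser

# Assumption: extensions treated as Excel downloads.
EXCEL_EXT = (".xls", ".xlsx", ".xlsm", ".xlsb")
# Assumed script redirect styles: location = "...", location.replace("...").
JS_REDIRECT = re.compile(
    r"""(?:window\.|document\.|self\.|top\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']""", re.I)

class RedirectFinder(HTMLParser):
    """Collects URLs an HTML file navigates to without a user click."""
    def __init__(self):
        super().__init__()
        self.targets = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            m = re.search(r"url\s*=\s*['\"]?([^'\">\s]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(("meta-refresh", m.group(1)))
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # only inspect script bodies, not visible text
            for m in JS_REDIRECT.finditer(data):
                self.targets.append(("script", m.group(1) or m.group(2)))

def triage_html(html):
    """Return every no-click redirect target and whether it names an Excel file."""
    finder = RedirectFinder()
    finder.feed(html)
    finder.close()
    return [{"via": how, "url": url,
             "excel": url.split("?", 1)[0].split("#", 1)[0].lower().endswith(EXCEL_EXT)}
            for how, url in finder.targets]

# Constructed sample attachment; hosts and paths are placeholders.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=http://files.example.test/invoice.xls">
</head><body><script>window.location.href = "http://files.example.test/dl?id=1";</script>
<a href="http://example.test/help.xlsx">help</a></body></html>"""
```

The `excel` flag only looks at the URL path, so a redirect whose target carries no extension is still returned (with `excel` set to false) and should be reviewed. Ordinary links that need a click are not reported.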
For more details:
https://threatpost.com/evil-corp-returns-with-new-malware-infection-tactic/152430/