Microsoft Defender SmartScreen bug actively used in stealer campaign
- by nlqip
Once the HTA script, a standalone Windows program written in HTML, is executed, it initiates PowerShell code that eventually establishes C2 and downloads decoy PDF files for evasion along with a malicious shell injector.
“These files aim to inject the final stealer into legitimate processes, initiating malicious activities and sending the stolen data back to a C2 server,” Fortinet added.
The target applications for the observed stealer included web browsers, crypto wallets, messengers, email clients, VPN services, password managers, AnyDesk, and MySQL Workbench, among many others.
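As an added example (not from the article or from Fortinet), here is one way a defender could flag the HTA-to-PowerShell step described above in process-creation telemetry, including cases where an intermediate process sits between the two. The event field names (`pid`, `ppid`, `image`, `cmdline`) and the sample records are constructed assumptions modeled on Sysmon-style process-creation logs.

```python
import ntpath

HTA_HOSTS = {"mshta.exe"}                  # Windows host process for .hta files
SHELLS = {"powershell.exe", "pwsh.exe"}    # PowerShell binaries to watch

# Constructed sample events (not taken from the campaign).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Users\analyst\Downloads\document.hta"},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c <placeholder>"},
    {"pid": 230, "ppid": 220, "image": PS,
     "cmdline": "powershell.exe <placeholder arguments>"},
    {"pid": 300, "ppid": 100, "image": PS,
     "cmdline": "powershell.exe Get-ChildItem"},   # interactive admin use
]

def exe_name(image_path):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image_path).lower()

def find_hta_spawned_powershell(events, max_depth=8):
    """Return PowerShell processes that have mshta.exe among their ancestors.

    Assumes PIDs are unique within the batch; real telemetry should key on
    a process GUID or (pid, start time) to survive PID reuse.
    """
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for event in events:
        if exe_name(event["image"]) not in SHELLS:
            continue
        chain, seen, current = [event], {event["pid"]}, event
        while len(chain) <= max_depth:
            parent = by_pid.get(current["ppid"])
            if parent is None or parent["pid"] in seen:
                break                      # unknown parent or a PID loop
            chain.append(parent)
            seen.add(parent["pid"])
            if exe_name(parent["image"]) in HTA_HOSTS:
                names = [exe_name(p["image"]) for p in reversed(chain)]
                hits.append({"pid": event["pid"], "chain": names})
                break
            current = parent
    return hits

if __name__ == "__main__":
    for hit in find_hta_spawned_powershell(SAMPLE_EVENTS):
        print(hit["pid"], " -> ".join(hit["chain"]))
```

Walking the ancestry instead of checking only the direct parent keeps the rule effective when the script launches PowerShell through `cmd.exe` or another intermediate process.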