Your Package is on its Way, But Not the One You Expected

Here's a current scam those involved in shipping and receiving should be aware of. Suppose you're expecting a package from a package delivery company. You receive a seemingly legitimate email from the shipping company offering a means to track the progress of your delivery by simply clicking on the supplied link “Arrival Notification.” The only problem is that, because the Microsoft default is to hide file extensions, you don’t see the full file name “Arrival Notification .exe.”

You click on the file to check on your delivery but instead, you unleash an unwanted package, an executable file that compromises your computer with a seemingly innocent animated gif.

The scheme involves using Agent Tesla, a modern and powerful keystroke logger known to be used in malicious spam that pushes . This software monitors every move on your personal computer by way of the keyboard and monitor. Your computer now displays the victim viewing the animated gif in a browser on their monitor. It’s like looking in a mirror, and is known as “gifception.”

This is what happened when a mass distribution email spoofed DHL’s address, lending credibility to the email prompting the victims to open and click. In this case the criminals picked on DHL, but any shipping company could be spoofed.

By no means is this a new trick, although it may not have been quite so common recently. Embedding the malware in the gif may make it more difficult to detect, and criminals have embedded malware in images before. The only thing that changes is the delivery message.

To avoid becoming a victim, always check the of incoming emails. Never click on a link or executable file unless you know the sender is legitimate and remember to update your software. The implementation of best practices such as Software Restriction Policies (SRP) or AppLocker could prevent these infections going forward. And, of course, those work best when they work for an informed, trained workforce. New-school interactive security awareness training can help make any organization’s employees more resistant to social engineering.
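A mail-gateway style check for the file name trick described above, as an added example that is not from the original article or the ISC diary. The function name, the extension lists and all sample names other than “Arrival Notification .exe” are assumptions constructed for illustration; the check also covers two related disguises (double extensions and invisible format characters) that the article does not mention.

```python
import unicodedata

# Assumed extension lists for illustration; tune them to local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "gif", "jpg", "png", "txt"}


def audit_attachment_name(name):
    """Return the reasons a filename looks deceptive (empty list = no finding)."""
    reasons = []
    # Format characters such as U+202E (right-to-left override) change what is displayed.
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        reasons.append("invisible-format-char")
    cleaned = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    # Windows drops trailing spaces and dots, so judge the name the file will really get.
    cleaned = cleaned.rstrip(" .")
    stem, dot, ext = cleaned.rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable-extension")
    # "Arrival Notification .exe": whitespace pushes the real extension away from the name.
    if stem != stem.rstrip():
        reasons.append("padding-before-extension")
    # "invoice.pdf.exe": a harmless-looking extension sits in front of the real one.
    inner = stem.rstrip().rpartition(".")
    if inner[1] and inner[2].lower() in DECOY_EXTS:
        reasons.append("double-extension")
    return reasons


# Constructed sample names; only the first one appears in the article.
SAMPLES = [
    "Arrival Notification .exe",
    "invoice.pdf.exe",
    "photo\u202egpj.exe",
    "tracking.pdf",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), audit_attachment_name(sample) or "ok")
```

A finding of `executable-extension` alone is a policy decision (many gateways block it outright); the other reasons indicate that the name was built to mislead the recipient.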

The Internet Storm Center has the story with in-depth technical analysis: https://isc.sans.edu/forums/diary/DHLthemed+malspam+reveals+embedded+malware+in+animated+gif/23944/


