Just when you think you understand the latest malware campaigns and cybercrime tactics, a new one pops up that is even more insidious. Case in point: a recently discovered attack launches a sophisticated info stealer that collects an unprecedented range of sensitive information from device folders and browsers.
This current malware outbreak is particularly dangerous because it uses a very common and innocent-looking approach: phishing emails disguised as invoices.
What’s Happening With These Recent Cyber Attacks?
Most infostealer code targets information stored in the browser, such as passwords and saved credit card details. This latest malware campaign goes deeper, collecting that information and much more. Its most unusual element is its ability to dig into PDF files in the Desktop, Downloads, Documents, and Recent folders and extract the sensitive information they contain.
This current malware outbreak, like so many others, has spread via phishing attacks. Security researchers say the criminals launched the campaign to distribute an ISO file containing an HTML application that runs on the desktop rather than in the web browser. That choice maximizes reach, because the application executes without interference from any browser security features.
It thwarts the tools you have in place to stop such attacks.
Launching the infected file triggers a chain of downloads and executions that ends in a Python script containing the info stealer. Once installed, this script lets bad actors steal money and information, gain access to organizational networks, and move on to more valuable targets.
Every email containing this new malware threat comes from the same phony address, ‘yunkun[@]saadelbin[.]com’, which purports to be a company account.
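As an added illustration (not part of the original article and not the researchers' tooling), the following Python snippet shows how a mail-gateway or SOC script could flag messages matching the indicators described above: the reported sender address, an ISO or similar container attachment paired with an invoice-themed lure, and a desktop-executed HTML application (.hta) inside that container. The message records and the benign sender address are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Sender reported for this campaign (defanged as on the page; normalised before matching).
CAMPAIGN_SENDER = "yunkun[@]saadelbin[.]com"
CONTAINER_EXTS = {".iso", ".img", ".vhd", ".zip"}   # disk images / archives used to smuggle payloads
SCRIPT_EXTS = {".hta", ".js", ".vbs", ".lnk"}        # desktop-executed content worth flagging inside a container
INVOICE_WORDS = re.compile(r"\b(invoice|payment|receipt|bill)\b", re.I)

def refang(addr: str) -> str:
    """Turn a defanged indicator such as a[@]b[.]c into a@b.c for comparison."""
    return addr.replace("[@]", "@").replace("[.]", ".").lower()

@dataclass
class Email:
    sender: str
    subject: str
    attachments: list = field(default_factory=list)   # list of (filename, [names inside container])

def _ext(name: str) -> str:
    return name[name.rfind("."):].lower() if "." in name else ""

def assess_email(msg: Email) -> list:
    """Return the campaign indicators this message matches (empty list = nothing suspicious seen)."""
    hits = []
    if refang(msg.sender) == refang(CAMPAIGN_SENDER):
        hits.append("sender matches reported campaign address")
    invoice_lure = bool(INVOICE_WORDS.search(msg.subject))
    for name, contents in msg.attachments:
        if _ext(name) not in CONTAINER_EXTS:
            continue
        if invoice_lure:
            hits.append(f"invoice-themed lure with container attachment {name}")
        for inner in contents:
            if _ext(inner) in SCRIPT_EXTS:
                hits.append(f"{name} contains desktop-executable {inner}")
    return hits

# Constructed sample messages (hypothetical; not captured traffic).
CAMPAIGN_SAMPLE = Email("yunkun@saadelbin.com", "Invoice #4471 overdue",
                        [("Invoice_4471.iso", ["Invoice_4471.hta"])])
BENIGN_SAMPLE = Email("accounts@example.com", "Invoice 2201", [("Invoice_2201.pdf", [])])
UNKNOWN_SENDER_SAMPLE = Email("newsletter@example.net", "Documents",
                              [("docs.zip", ["readme.txt", "open.js"])])

if __name__ == "__main__":
    for sample in (CAMPAIGN_SAMPLE, BENIGN_SAMPLE, UNKNOWN_SENDER_SAMPLE):
        print(sample.sender, "->", assess_email(sample) or "clean")
```

A real deployment would feed attachment listings from the gateway's archive inspection and route any non-empty result to quarantine or analyst review rather than printing it.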
Protecting Yourself From the Latest Cybercrime Activity
As with most other recent ransomware campaigns, avoiding this scheme requires following the established best practices for resisting phishing attacks. Although the rise of generative AI makes dangerous messages harder to spot, you can reduce the risk of a data breach in several ways:
- Implement email protection tools to filter suspected and known phishing emails automatically.
- Provide ongoing education about phishing emails, emerging threats, and response protocols.
- Ensure staff understand critical policies, such as billing and payment processes, so an unexpected "invoice" is questioned rather than opened.
- Use sandboxing to detonate suspicious attachments in isolation before they reach users.
Installing strong security software, including antivirus protection on every device, also helps stop phishing attacks. Limiting administrator privileges to those who need them reduces the damage a harmful download can do. Staying current on security updates and patches further limits the impact of the latest malware campaigns.
Ultimately, vigilance and a robust, multilayered security posture are the best ways to stop malware distribution and protect your company's sensitive data. Monitoring and blocking suspicious activity, and keeping your team informed about threats and how to mitigate them, greatly reduces the chance that you will bear the consequences of a cybersecurity breach.