September 29, 2023

Researchers identified a new phishing campaign that uses Microsoft Word documents to distribute malware that can log what a victim types, siphon cryptocurrency funds, and steal sensitive data.

To get into the victim’s system, the attackers send a phishing email with the malicious Word document as an attachment. Clicking on the attachment activates an embedded malicious link in the file and leads to the delivery of three malware strains known as RedLine Clipper, Agent Tesla, and OriginBotnet, according to a report published Monday by cybersecurity firm Fortinet.

The RedLine Clipper loader steals cryptocurrency by changing a wallet address saved in the victim’s clipboard to the attacker’s address. It works with various cryptocurrencies like Bitcoin, Ethereum, Dogecoin, Litecoin, Dashcoin, and Monero.

RedLine Clipper monitors what users copy, particularly focusing on long and complex wallet addresses, which are hard to type out manually. Once it spots a wallet address, it discreetly swaps it out with the attacker’s address without the user knowing.
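The clipper behaviour described above has a recognisable signature from the defender's side: the text a user copied was a wallet address, and the text that came back out of the clipboard is a different address of the same currency. The following Python is an added example, not code from the Fortinet report or from Recorded Future; it recognises the address shapes of the currencies named in the article with approximate, constructed regular expressions (format only, no checksum validation) and scans a constructed log of copy/paste pairs, such as an endpoint agent might record, for that substitution pattern.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Approximate address formats for the currencies the report names.
# Assumption: these patterns are illustrative shape checks written for this
# example; they do not validate checksums and are not the malware's own logic.
ADDRESS_PATTERNS = [
    ("Ethereum", re.compile(r"^0x[0-9a-fA-F]{40}$")),
    ("Monero",   re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$")),
    ("Dash",     re.compile(r"^X[1-9A-HJ-NP-Za-km-z]{33}$")),
    ("Dogecoin", re.compile(r"^D[5-9A-HJ-NP-U][1-9A-HJ-NP-Za-km-z]{32}$")),
    ("Litecoin", re.compile(r"^(?:[LM][a-km-zA-HJ-NP-Z1-9]{26,33}|ltc1[a-z0-9]{39,59})$")),
    ("Bitcoin",  re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})$")),
]


def classify_wallet_address(text: str) -> Optional[str]:
    """Return the currency whose address shape `text` matches, or None."""
    candidate = text.strip()
    for currency, pattern in ADDRESS_PATTERNS:
        if pattern.match(candidate):
            return currency
    return None


@dataclass
class Finding:
    currency: str
    copied: str
    pasted: str


def detect_substitution(copied: str, pasted: str) -> Optional[Finding]:
    """Flag the clipper signature: an address was copied, and a *different*
    address of the same currency was delivered on paste.

    A paste that returns the copied text unchanged is benign. A paste that
    returns unrelated text is not the clipper pattern either (the swap only
    pays off for the attacker if the replacement is a usable address)."""
    currency = classify_wallet_address(copied)
    if currency is None:
        return None
    if pasted.strip() == copied.strip():
        return None
    if classify_wallet_address(pasted) == currency:
        return Finding(currency, copied.strip(), pasted.strip())
    return None


def scan_clipboard_log(events: Iterable[Tuple[str, str]]) -> List[Finding]:
    """Run the check over (copied, pasted) pairs from a clipboard monitor."""
    findings = []
    for copied, pasted in events:
        finding = detect_substitution(copied, pasted)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample addresses: they have the right shape but are not real wallets.
ETH_USER = "0x" + "1a" * 20
ETH_OTHER = "0x" + "2b" * 20
BTC_USER = "1" + "A" * 33
BTC_OTHER = "1" + "B" * 33
XMR_USER = "48" + "A" * 93

# Constructed clipboard log: what the user copied vs. what the paste produced.
SAMPLE_EVENTS = [
    ("meeting notes for Monday", "meeting notes for Monday"),  # not an address
    (ETH_USER, ETH_USER),       # address pasted intact: benign
    (ETH_USER, ETH_OTHER),      # swapped for another Ethereum address: finding
    (BTC_USER, BTC_OTHER),      # swapped for another Bitcoin address: finding
    (XMR_USER, XMR_USER),       # Monero address pasted intact: benign
    (ETH_USER, "some text"),    # replaced by non-address text: not the clipper pattern
]

if __name__ == "__main__":
    for f in scan_clipboard_log(SAMPLE_EVENTS):
        print(f"{f.currency} address changed in clipboard: {f.copied} -> {f.pasted}")
```

Two of the six constructed events are flagged. The comparison only fires when both sides look like addresses of the same currency, which keeps ordinary copy/paste of prose quiet while catching exactly the swap the article describes; a production monitor would add real checksum validation (Base58Check, EIP-55, bech32) to cut down on false positives from look-alike strings.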

Agent Tesla, on the other hand, can record keystrokes and compiles a list of specific software installed on the victim’s device, including web browsers and email clients.

The third payload, OriginBotnet, can collect sensitive data from the victim’s computer, connect to the hackers’ control server and download additional files from the server to perform tasks like recording keystrokes or recovering passwords on hacked devices.

“The attack demonstrated sophisticated techniques to evade detection and maintain persistence on compromised systems,” the researchers said.

Fortinet hasn’t attributed the attack to any known hacker group.


Daryna Antoniuk

Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.