Norton LifeLock phishing scam infects victims with remote access trojan

The cybercriminals behind a latest phishing marketing campaign used a pretend Norton LifeLock doc with a view to trick victims into putting in a distant entry trojan (RAT) on their methods.

The an infection begins with a Microsoft Phrase doc that comprises malicious macros. Nevertheless, to get customers to allow macros, that are disabled by default, the menace actor behind the marketing campaign used a pretend password-protected Norton LifeLock doc.

Victims are requested to allow macros and sort in a password, offered within the phishing e mail containing the doc, to achieve entry to it. Palo Alto Networks’ Unit 42, which discovered the campaign, also found that the password dialog box accepts only a upper or lowercase letter ‘C’. If the password is incorrect, the malicious action does not continue.

If the user does input the correct password, the macro continues executing and builds a command string that installs the legitimate remote control software, NetSupport Manager.

Establishing persistence

The RAT binary is downloaded and installed onto a user’s machine with help from the ‘msiexec’ command in the Windows Installer service.

In a

new report, the researchers at  Palo Alto Networks’ Unit 42 defined that the MSI payload installs with none warnings and provides a PowerShell script within the Home windows temp folder. That is used for persistence and the script performs the position of a backup resolution for putting in NetSupport Supervisor.

Earlier than the script continues its operations, it checks to see if an antivirus from both Avast or AVG is put in on the system. If that is so, it stops operating on the sufferer’s laptop. If the script finds that these packages aren’t current on the machine, it provides the recordsdata wanted b NetSupport Supervisor to a folder with a random title and likewise creates a registry key for the primary executable named ‘presentationhost.exe’ for persistence.

Unit 42 first found the marketing campaign in the beginning of January and the researchers tracked associated exercise again to November 2019 which reveals that the marketing campaign is an element of a bigger operation.

By way of BleepingComputer

The post Norton LifeLock phishing scam infects victims with remote access trojan appeared first on gariwerd.com.



source https://gariwerd.com/norton-lifelock-phishing-scam-infects-victims-with-remote-access-trojan/

Comments

Post a Comment

Popular posts from this blog

Apple will update iWork suite with trackpad support and iCloud folder sharing

Image
Enlarge / The keyboard and trackpad attachment for the iPad Professional. Within the notes for its iPad Professional announcement earlier immediately, Apple introduced a few main new options coming to the iWork suite which can be particularly oriented round new choices for the iPad. Pages, Numbers, and Keynote will all get full trackpad assist on the platform, however they’re going to additionally achieve iCloud Folder Sharing. “Collaboration can even change into simpler than ever with assist for iCloud folder sharing and the power to edit shared paperwork whereas offline,” Apple wrote in its newsroom article . Customers have been asking for iCloud folder sharing for some time, and there have been indications that the corporate has been engaged on it for some time, nevertheless it hadn’t come to fruition but. In truth, it appears to have been delayed earlier than. Now folder sharing is more likely to come alongside or shortly after iPadOS 13.four, which is able to, amongst...
Read more

Ray tracing comes to more games thanks to new software tools

Whether or not or not builders assist the strategy will depend on their reliance on Vulkan and willingness to implement ray tracing within the first place. Proper now, hardware-accelerated ray tracing is simply out there with a handful of GPUs. Programmers will not should throw out their current data, not less than. The Vulkan extensions use a “acquainted total structure” that may let individuals carry over the approaches they used with the likes of DirectX or NVIDIA’s OptiX. It may very well be an extended whereas earlier than video games undertake this en masse between the wanted improvement time and wider hardware assist. Do not be stunned when you see ray tracing from relative newcomers, nevertheless. This may be the important thing to creating ray tracing extra commonplace past Home windows, together with on open platforms like Linux. The post Ray tracing comes to more games thanks to new software tools appeared first on gariwerd.com . source https://gariwerd.com/ray-traci...
Read more

GOG is offering 27 free games to help you relax at home

Image
GOG.com needs that can assist you preserve your sanity whereas everybody’s sheltering in place, so the DRM-free platform’s handing out a entire lot of oldies-but-goodies at no cost—27 of them (Enjoyable reality: GOG.com began out as Good Outdated Video games). These ought to scratch your nostalgia itch, and the overwhelming majority ought to run on the built-in graphics of even essentially the most modest trendy laptops. “Even when the solar is shining and the flowers have already began to bloom the place you reside, well being and security are on all people’s thoughts proper now,” the brand new ‘ Stay at home and play some games ’ touchdown web page says. “Closing the shades and taking part in video video games might be one of many good methods to calm down and move the time if you keep at house. We’re right here that can assist you select your subsequent nice journey with this collection of free video games from our catalog and a massive Spring Sale operating till March 30th.” ...
Read more