In its latest discovery, Microsoft Security Intelligence has described a new phishing campaign targeting the aerospace and travel industries. Both those markets are reeling from the impact of COVID-19 and threat actors are preying on vulnerabilities. According to Microsoft’s security team, attackers are using emails loaded with malicious content to expose users to remote access Trojans (RATs). This method deviates almost nothing from the classic phishing method. In other words, the attacker is using an email that looks like it comes from a legitimate sender to trick victims into interacting with a link or attachment that is malicious. Specifically for this campaign, the phishers are using a PDF file that deploys a RAT into a system the instant the file link is clicked.
— Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021 AsyncRAT and RevengeRAT are the two trojans being used for this attack. Once deployed, the RATs can steal browser data, user credentials, take screenshots, access webcams, and take network data. As always, the best advice for avoiding a phishing attack is to simply not interact with attachments on emails from unknown sources. Still, considering attacks often mimic legitimate companies, knowing what’s real or not can be tough. Microsoft has added advanced hunting queries to GitHub to give customers tools to know if an attack has happened to them.
Recent Attack
Earlier this month, we reported on a phishing attack against Microsoft Office 365 users. Kaspersky Lab reports on a new phishing attack against Microsoft’s Office 365. Specifically, attackers are targeting Office users through Google Docs. This phishing attack starts with a letter with a message that is vague from an unknown sender. While this should be enough to deter anyone, the letter entices victims by talking about a deposit and having “Deposit Advice”. Tip of the day: Whether you’re planning an upgrade, tuning CPU timings, or just curious, it’s handy to know information about your RAM. In our tutorial, we show you how to check RAM speed, type, and size using several built-in Windows 10 tools.