A new hacker attack has recently emerged: a dangerous malware is in fact sent, disguised as pdf or excel files, through phishing campaigns.
These campaigns appear to leverage password-protected archive files to spread malware without users having to perform specific actions. Researchers who spotted this new phishing campaign were able to see how the malware spreads through one of the most classic bogus emails asking you to open a pdf or Excel file (like an invoice). The file is actually an SFX archive which contains a self-extracting archive, a batch file and the bait file (pdf or png). All information about the extraction is included in the batch file.
At the end of the operations on the victim's pc, either CoinMiner is installed, which is a malware capable of extracting cryptocurrency by exploiting the resources of the victim pc and stealing credentials or Quasar RAT, a remote access trojan.
According to experts, this malware spreading technique was the most widespread in 2022 because it allowed to bypass one of the main problems that cyber criminals face: convincing the victim to open the file using the included password. The use of this technique therefore represents a further threat in the already extremely varied landscape of cyber threats.
