Be careful with Excel files. The MirrorBlast phishing campaign is ongoing

Be careful with Excel files. The MirrorBlast phishing campaign is ongoing

When viewing e-mail, it is worth paying special attention to the attachments leading to the download of files from the Microsoft cloud. There is an ongoing phishing campaign called MirrorBlast, in which messages with infected attachments are sent out.

As he describes ZDNet , the malicious file download scenario is slightly different than usual. The infected document is not an email attachment itself. It is a file that will persuade the user to visit a fake OneDrive or SharePoint login page, where it will download an Excel file, which researchers call “armed”. In practice, it is about macros embedded in it.

Interestingly, in this case, the code can only be executed in 32-bit versions of the Office suite, which means that the target audience of the campaign is limited. In this case, the macro boils down to executing a script that bypasses the security related to the “sandbox”. Finally, the infected MSI package is downloaded and installed.


According to the researchers, a number of other programs are ultimately sent to the victim’s computer, including the KiXtart script that transmits information about the attacking computer and Rebol, which leads to the installation of FlawedGrace. The latter is a remote access tool and has been used in the past by the TA505 group, which is credited with the current phishing campaign.

read on


Source link

About Eshan William 19334 Articles
A 25 years old blogger. Other than gaming, I like watching documentaries and working on cars. A hardcore PC gamer is what I have always been and always will be.

Be the first to comment

Leave a Reply

Your email address will not be published.