Microsoft: Microsoft has a ‘warning’ on Google contact IDs – Times of India


Microsoft has warned against a new, unique malware that can infect your computer through websites’ contact forms, using fake legal threats as a lure. Attackers are using legitimate Google URLs to get into a computer system. The URLs require the target to sign in with their Google credentials, which leaves the system compromised.
According to Microsoft, hackers are abusing the contact forms on websites to deliver malicious links. The emails include a link so that the target can check the evidence behind the allegation. As soon as the target clicks the link, malware called IcedID is downloaded, which can steal data from the computer system and also lead to the installation of ransomware. The hackers use Google URLs to make the target believe that it is safe to click.
The malicious emails
An example of such a malicious email is given below:
“Hello. This is Meleena and I am a qualified photographer and illustrator. I was surprised, mildly speaking, when I saw my images at your website. If you use a copyrighted image without an owner’s consent, you must be aware that you could be sued by the copyright owner if it is unlawful to use stolen images and it’s so cheap! Here is this document with the links to my images you used at (the website) and my earlier publications to get the evidence of my legal copyrights. Download it now and check this out for yourself.
(the malicious link)
If you don’t remove the images mentioned in the document above during the next few days. I’ll file a to your hosting provider informing them that my copyrights have been severely infringed and I am trying to protect my intellectual property And it doesn’t help trust me I am going to take it to court! And you won’t receive the second notice from me.”
Microsoft said in the blog post: “After the email recipient signs in, the sites.google.com page automatically downloads a malicious ZIP file, which contains a heavily obfuscated .js file. The malicious .js file is executed via WScript to create a shell object for launching PowerShell to download the IcedID payload (a .dat file), which is decrypted by a dropped DLL loader, as well as a Cobalt Strike beacon in the form of a stageless DLL, allowing attackers to remotely control the compromised device.”
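One way to hunt for the execution step Microsoft describes (a .js file run by WScript that launches PowerShell), as an added example that is not from Microsoft's blog post or this article. The events are constructed and use Sysmon-style process-creation field names; the function names and the `.zip\` path heuristic are assumptions made here.

```python
import ntpath
import re

# Constructed, simplified events; field names follow Sysmon Event ID 1, all values are made up.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"ProcessGuid": "A1", "ParentProcessGuid": "A0",
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessGuid": "A2", "ParentProcessGuid": "A1",
     "Image": r"C:\Windows\System32\WScript.exe",
     "CommandLine": r'"C:\Windows\System32\WScript.exe" '
                    r'"C:\Users\u1\AppData\Local\Temp\Temp1_doc.zip\evidence.js"'},
    {"ProcessGuid": "A3", "ParentProcessGuid": "A2", "Image": PS,
     "CommandLine": "powershell.exe <constructed placeholder>"},
    # Benign: script host running a .vbs, no PowerShell child.
    {"ProcessGuid": "B1", "ParentProcessGuid": "A1",
     "Image": r"C:\Windows\System32\cscript.exe",
     "CommandLine": r"cscript.exe C:\Windows\System32\slmgr.vbs /dli"},
    # Benign: PowerShell opened by the user from Explorer.
    {"ProcessGuid": "B2", "ParentProcessGuid": "A1", "Image": PS,
     "CommandLine": "powershell.exe"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

def script_argument(command_line):
    """Return the first .js/.jse argument (quoted or bare) on a command line."""
    for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', command_line):
        token = quoted or bare
        if token.lower().endswith((".js", ".jse")):
            return token
    return None

def find_js_to_powershell(events):
    """Flag PowerShell processes whose parent is a script host running a .js file."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for child in events:
        parent = by_guid.get(child["ParentProcessGuid"])
        if parent is None or ntpath.basename(child["Image"]).lower() not in POWERSHELL:
            continue
        script = script_argument(parent["CommandLine"])
        if ntpath.basename(parent["Image"]).lower() in SCRIPT_HOSTS and script:
            hits.append({"powershell": child["ProcessGuid"], "script": script,
                         "from_zip": ".zip\\" in script.lower()})  # heuristic: run from an archive
    return hits

if __name__ == "__main__":
    print(find_js_to_powershell(EVENTS))
```

Only the WScript-to-PowerShell pair is flagged; the `.vbs` script host run and the PowerShell session started from Explorer are left alone.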
