Malicious AutoHotkey Scripts Used to Steal Info, Remotely Access Systems
#1
Quote:Attackers are targeting potential victims using a malicious AutoHotkey script to avoid detection and to steal information, to drop more payloads, and to remotely access compromised machines using TeamViewer​​​​​​.
 
AutoHotkey (also known as AHK) is an open-source scripting language for Windows back in 2003 to add keyboard shortcuts (hotkeys) support in AutoIt, another free Windows automation language.
 
The malicious AutoHotkey script payload is delivered with the help of a decoy Excel Macro-Enabled Workbook email attachment named Military Financing.xlsm after the Foreign Military Financing (FMF) program of the U.S. Defense Security Cooperation Agency to trick potential targets into enabling macros to view the file's contents.
 
As discovered by Trend Micro's Cyber Threat Research Team. once the victims enabled macros in Microsoft Excel, the XSLM document will "drop the legitimate script engine AutoHotkey along with a malicious script file."
[Image: Attack%20chain.jpg]

SOURCE: https://www.bleepingcomputer.com/news/se...s-systems/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
CatchPulse 10.10.0
CatchPulse 10.10.0...harlan4096 — 07:52
uBOLite 2026.711.25 (already available f...
uBOLite 2026.711.2...harlan4096 — 07:31
Sandboxie 1.18.0 / 5.73.0
Release v1.18.0 / ...harlan4096 — 07:30
AMD reportedly testing FSR Multi Frame G...
AMD Radeon driver ...harlan4096 — 06:55
You can’t fully disable Microsoft’s GDI...
Microsoft Confirms W...harlan4096 — 06:51

[-]
Birthdays
Today's Birthdays
avatar (37)ipumaqar
avatar (51)tanliorsPeri
Upcoming Birthdays
avatar (46)RidgeDimb
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (39)boineDon
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>