25 January 19, 13:32
(This post was last modified: 25 January 19, 20:49 by silversurfer.)
Quote:An array of phishing emails harboring Word attachments with embedded macros have been infecting systems with a deadly malware and ransomware duo.
The campaign, spotted by researchers at Carbon Black, has hit infected systems with a lethal attack combination that harvests credentials, gathers system and process information, and then encrypts data in order to extort payments from victims.
The attack originally came in via phishing emails that contained an attached Word document with embedded macros. The macro would then call an encoded PowerShell script and use a series of techniques to download and execute both a Ursnif malware strain and GandCrab ransomware variant.
Source: https://threatpost.com/phishing-gandcrab-ursnif/141182/
![[-]](https://www.geeks.fyi/images/collapse.png)
