Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Employers Beware: Microsoft Word ‘Resume’ Phish Delivers Quasar RAT
#1
Quote:A round of phishing emails purports to be from job seekers – but actually uses a slew of detection evasion tactics to download malware on victim systems.

Employers who receive an email from someone purporting to be a job applicant, with an attached resume, could fall victim to a difficult-to-detect phishing campaign peddling a remote-access tool used often for espionage.

Researchers with Cofense said they have recently spotted emails with malicious attachments delivering the Quasar open-source malware.  While the “job seeker” phishing theme may be fairly common, this particular campaign employs several sophisticated tactics that make it harder both for researchers to analyze — and company employees to detect.
 
“Organizations find a higher degree of difficulty with the ‘.doc’ file attachment distributing Quasar RAT itself, because the document employs a multitude of measures to deter detection,” Max Gannon, with Cofense, said in a Monday post. “Such methods include password protection—which is a built-in feature of Microsoft Word—and encoded macros.”

Read more here: https://threatpost.com/microsoft-word-re...re/147733/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>