27 August 19, 19:15
(This post was last modified: 27 August 19, 19:16 by silversurfer.)
Quote:A round of phishing emails purports to be from job seekers – but actually uses a slew of detection evasion tactics to download malware on victim systems.
Employers who receive an email from someone purporting to be a job applicant, with an attached resume, could fall victim to a difficult-to-detect phishing campaign peddling a remote-access tool used often for espionage.
Researchers with Cofense said they have recently spotted emails with malicious attachments delivering the Quasar open-source malware. While the “job seeker” phishing theme may be fairly common, this particular campaign employs several sophisticated tactics that make it harder both for researchers to analyze — and company employees to detect.
“Organizations find a higher degree of difficulty with the ‘.doc’ file attachment distributing Quasar RAT itself, because the document employs a multitude of measures to deter detection,” Max Gannon, with Cofense, said in a Monday post. “Such methods include password protection—which is a built-in feature of Microsoft Word—and encoded macros.”
Read more here: https://threatpost.com/microsoft-word-re...re/147733/