• Cybercriminals are using virtual hard drives to drop RATs in phis

    From TechnologyDaily@1337:1/100 to All on Thursday, December 12, 2024 20:30:05
    Cybercriminals are using virtual hard drives to drop RATs in phishing attacks

    Date:
    Thu, 12 Dec 2024 20:14:00 +0000

    Description:
    Threat actors are increasingly using virtual hard drive files in phishing attacks to deliver malware.

    FULL STORY ======================================================================
    Virtual hard drives are being abused in phishing campaigns, experts warn
    The virtual drives are used to drop RAT malware into unsuspecting inboxes
    The attack vector is particularly difficult for antivirus to detect

    Mountable virtual hard drive files, typically in .vhd and .vhdx formats,
    allow users to create virtual volumes that function like physical drives in a Windows environment.

    While these files have legitimate uses in software development and virtual machines,
    cybercriminals have increasingly exploited them to deliver malware, experts have warned.

    Recent research by Cofense Intelligence has revealed such tools are now being used to bypass detection mechanisms like Secure Email Gateways (SEGs) and antivirus solutions to drop Remote Access Trojans (RATs).

    The rising use of virtual hard drive files

    This exploitation is particularly difficult to detect, even with
    sophisticated scanning tools employed by SEGs and antivirus solutions, as the malware remains hidden within the mounted files.

    The latest campaign has shifted focus toward resume-themed phishing attacks targeting Spanish-speaking individuals. The emails contained .vhdx files
    that, when opened, executed Visual Basic Script to load the Remcos RAT into memory.

    This campaign notably included autorun.inf files designed to take advantage
    of older versions of Windows that still support AutoRun capabilities, further demonstrating the attackers' intention to exploit a wide range of potential victims with varying system setups.

    AutoRun, a feature in older versions of Windows, allows a file to execute automatically when a volume is mounted. Attackers have often exploited this feature to run malicious payloads without user intervention in systems where AutoRun is enabled.

    Although Windows Vista and later versions mitigate these risks by disabling automatic execution, users with outdated systems remain vulnerable to silent malware execution. Even without AutoRun, attackers can use AutoPlay to prompt victims into manually running the malicious payload, leveraging the human factor to bypass security controls.

    Attackers were also able to bypass various SEGs by embedding malicious
    content within virtual hard drive files inside archive attachments, bypassing SEGs from major security vendors, such as Cisco and Proofpoint.
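    The two detection points above (a virtual disk image nested inside an archive attachment, and an autorun.inf that launches or offers to launch a program when the volume is mounted) can be checked at the mail gateway before anything is mounted. The following is an added example, not code from the article or from Cofense; the attachment layout, the autorun.inf text and the placeholder .vhdx bytes are constructed for the demonstration, and the function and constant names are this example's own.

```python
import hashlib
import io
import os
import zipfile

# Mountable disk-image extensions named in the article; treat as code carriers, not documents.
VIRTUAL_DISK_EXTS = {".vhd", ".vhdx"}

# [autorun] keys that run, or prompt the user to run, a program when a volume is mounted.
AUTORUN_EXEC_KEYS = {"open", "shellexecute"}


def triage_archive(archive_bytes: bytes, depth: int = 0, max_depth: int = 3) -> list:
    """Walk a zip attachment (recursing into nested zips) and report virtual disk images.

    Each finding records the nested path, nesting depth and SHA-256 of the image bytes.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            data = zf.read(info)
            if ext in VIRTUAL_DISK_EXTS:
                findings.append({
                    "path": name,
                    "depth": depth,
                    "reason": "virtual disk image inside attachment",
                    "sha256": hashlib.sha256(data).hexdigest(),
                })
            elif ext == ".zip" and depth < max_depth:
                # Archive-in-archive: keep walking so the image is found at any nesting level.
                for finding in triage_archive(data, depth + 1, max_depth):
                    finding["path"] = name + "/" + finding["path"]
                    findings.append(finding)
    return findings


def risky_autorun_directives(inf_text: str) -> list:
    """Return (key, value) pairs from the [autorun] section that launch or offer a program.

    Covers open=, shellexecute= and shell\\<verb>\\command= entries; other keys
    (icon=, label=) are cosmetic and not reported.
    """
    risky = []
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in AUTORUN_EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            risky.append((key, value))
    return risky


# Constructed sample autorun.inf, as it would be read from a mounted volume (not a real campaign file).
SAMPLE_AUTORUN = """; constructed sample
[autorun]
shellexecute=resume.vbs
icon=resume.ico
label=CV
"""


def build_sample_attachment() -> bytes:
    """Constructed sample: outer.zip -> resume.zip -> cv.vhdx (placeholder bytes, not a real disk image)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("cv.vhdx", b"placeholder-not-a-real-vhdx")
        zf.writestr("readme.txt", "see attached")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("resume.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for finding in triage_archive(build_sample_attachment()):
        print("ATTACHMENT:", finding)
    for key, value in risky_autorun_directives(SAMPLE_AUTORUN):
        print("AUTORUN:", key, "=", value)
```

    A gateway rule built on this would quarantine any message where triage_archive returns a finding, regardless of how many archive layers wrap the image; the autorun.inf check belongs in an endpoint or sandbox step that inspects the volume after it is mounted.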

    Threat actors further complicate detection by manipulating file hashes within virtual hard drive files. By adding unnecessary filler data or modifying storage space allocation, they can create files that appear different in
    scans but still deliver the same malicious payload.
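    The hash-manipulation point is worth seeing in code: a digest of the whole image changes whenever allocation or filler changes, so blocklisting the container hash is brittle. The following is an added example, not from the article or from Cofense. It uses a constructed stand-in for a fixed-size disk image (payload at sector 0, the rest zero-filled) rather than the real VHD/VHDX layout, which carries its own headers and footer; the function names and the payload bytes are this example's own.

```python
import hashlib

SECTOR = 512


def build_image(payload: bytes, allocated_sectors: int) -> bytes:
    """Constructed stand-in for a fixed-size disk image: payload first, zero-filled to the allocation."""
    if len(payload) > allocated_sectors * SECTOR:
        raise ValueError("payload does not fit in the allocated image")
    return payload.ljust(allocated_sectors * SECTOR, b"\0")


def container_hash(image: bytes) -> str:
    """Digest of the whole file, as a naive blocklist would store it."""
    return hashlib.sha256(image).hexdigest()


def allocated_content_hash(image: bytes) -> str:
    """Digest of only the sectors holding non-zero data.

    Changing the allocated size or appending zero filler leaves this value unchanged,
    so it survives the 'resize the image' trick described in the article.
    """
    h = hashlib.sha256()
    for offset in range(0, len(image), SECTOR):
        sector = image[offset:offset + SECTOR]
        if any(sector):
            h.update(sector)
    return h.hexdigest()


def signature_match(image: bytes, pattern: bytes) -> bool:
    """Content signature: true if the byte pattern occurs anywhere in the image.

    Unlike any whole-image digest, this is unaffected by filler of any kind,
    which is why payload-level signatures outlast container hashes.
    """
    return pattern in image


# Constructed payload; stands in for whatever script or binary the image carries.
PAYLOAD = b"CONSTRUCTED-PAYLOAD-" * 8


def demo() -> dict:
    """Same payload in three images: small allocation, large allocation, and non-zero filler appended."""
    small = build_image(PAYLOAD, 8)
    large = build_image(PAYLOAD, 64)
    junk = small + b"\xff" * SECTOR  # filler that is not zero defeats the zero-skip normalisation
    return {
        "container_hashes_differ": container_hash(small) != container_hash(large),
        "allocated_hash_stable_across_resize": allocated_content_hash(small) == allocated_content_hash(large),
        "allocated_hash_stable_with_junk": allocated_content_hash(small) == allocated_content_hash(junk),
        "signature_hits_all": all(signature_match(i, b"CONSTRUCTED-PAYLOAD-") for i in (small, large, junk)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    The zero-skip normalisation handles the allocation-size trick but not junk filler, which is why the robust approach is to mount the image in a sandbox and hash or scan the files it contains rather than the image itself.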



    ======================================================================
    Link to news story: https://www.techradar.com/pro/Cybercriminals-are-using-virtual-hard-drives-to-drop-RATs-in-phishing-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)