
UAC can be bypassed: high-risk vulnerability found in Microsoft Win10 / Win11 systems, malware can be installed and executed

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)11/24 Report--

CTOnews.com, March 11: according to reports from the foreign technology media BornCity and Bleeping Computer, Win10, Win11 and the server versions of Windows contain a serious vulnerability that could lead to a huge security disaster.

The report indicates that attackers can stage malware by creating "mock folders". Without triggering a User Account Control (UAC) prompt, an attacker can gain administrator privileges, bypass AppLocker or Software Restriction Policies (referred to as SRP or SAFER), and install and execute malware.

Security company SentinelOne explains in a recent blog post how the attack works and how it lets attackers plant the Remcos RAT malware on the system.

CTOnews.com summarizes the content of the blog post as follows: the attacker first sends a phishing email containing an attachment in tar.lz compressed format. Once the victim downloads and extracts it, the DBatLoader files inside usually disguise themselves as Microsoft Office, LibreOffice, or PDF documents by using double extensions and/or application icons, but they contain the Remcos RAT malware.

DBatLoader then downloads an obfuscated second-stage payload from a public cloud location (Google Drive, OneDrive) and executes it.

The malware creates and executes an initial Windows batch script in the %Public%\Libraries directory. This script abuses a known method of bypassing Windows User Account Control (UAC): trusted directories such as %SystemRoot%\System32 are forged by creating mock folders whose names end in trailing spaces. This allows the attacker to perform elevated actions without alerting the user.
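The detection angle on the mock-folder technique described above is that the forged directory name collapses to a trusted path only after Windows strips the trailing characters. The following is an added example written for this article, not code from CTOnews.com, SentinelOne or the reports it cites. It scans constructed, Sysmon-style process-creation lines (the `Image="..."` field, log lines made up here) and flags image paths whose directory components carry trailing spaces yet collapse to a UAC-trusted directory. The trusted-directory list (with %SystemRoot% assumed to be C:\Windows) is an assumption for the example, and it goes slightly beyond the article by also treating trailing dots as stripped, since Win32 path normalisation drops those the same way.

```python
"""Flag process-creation log entries whose image path lives in a "mock"
trusted directory: a directory name that becomes a UAC-trusted path once
the trailing spaces (or dots) that Win32 normally strips are removed.
All log lines below are constructed for this demonstration."""
import re

# Directories UAC auto-elevation treats as trusted, with %SystemRoot%
# expanded to C:\Windows (assumption for this example).
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows",
)

# Characters Win32 path normalisation silently drops from the end of a
# path component. The article describes trailing spaces; trailing dots are
# included because Windows strips them in the same way.
STRIPPED_TRAILING = " ."

# Sysmon-style Image="..." field (assumed log format, constructed here).
IMAGE_RE = re.compile(r'Image="([^"]*)"')


def suspicious_components(path):
    """Return every path component that ends in characters Win32 would strip."""
    return [c for c in path.split("\\") if c and c != c.rstrip(STRIPPED_TRAILING)]


def collapse(path):
    """Normalise the way a naive trusted-path check would: strip trailing
    spaces/dots from each component, lower-case, and drop the file name."""
    comps = [c.rstrip(STRIPPED_TRAILING) for c in path.split("\\")]
    return "\\".join(comps[:-1]).lower()


def classify(path):
    """Classify an image path as clean, an odd trailing-whitespace directory,
    or a mock of a trusted directory (trailing chars AND collapses to trusted)."""
    if not suspicious_components(path):
        return "clean"
    directory = collapse(path)
    if any(directory == t or directory.startswith(t + "\\") for t in TRUSTED_DIRS):
        return "mock-trusted-dir"
    return "trailing-whitespace-dir"


def scan(lines):
    """Return (image_path, verdict) for every non-clean entry in the log lines."""
    findings = []
    for line in lines:
        match = IMAGE_RE.search(line)
        if not match:
            continue
        image = match.group(1)
        verdict = classify(image)
        if verdict != "clean":
            findings.append((image, verdict))
    return findings


# Constructed sample telemetry: one genuine System32 process, one process
# launched from a mock "C:\Windows \System32" folder, one from the
# %Public%\Libraries staging directory, and one unrelated trailing-space path.
SAMPLE_LOG = [
    r'EventID=1 Image="C:\Windows\System32\cmd.exe" ParentImage="C:\Windows\explorer.exe"',
    r'EventID=1 Image="C:\Windows \System32\tool.exe" ParentImage="C:\Windows\System32\cmd.exe"',
    r'EventID=1 Image="C:\Users\Public\Libraries\stage.exe" ParentImage="C:\Windows\System32\cmd.exe"',
    r'EventID=1 Image="C:\Temp \setup.exe" ParentImage="C:\Windows\explorer.exe"',
]

if __name__ == "__main__":
    for image, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:24s} {image!r}")
```

Against real telemetry, feed `scan()` process-creation events (Sysmon Event ID 1 or equivalent) and treat a `mock-trusted-dir` hit as high priority; a `trailing-whitespace-dir` hit is still unusual, since ordinary tooling cannot create such names without the `\\?\` path prefix, and is worth a look at the parent process.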

© 2024 shulou.com SLNews company. All rights reserved.