Shulou(Shulou.com)11/24 Report--

CTOnews.com Sept. 12, according to the latest report released by Truesec, a network security company, DarkGate Loader phishing activities aimed at Microsoft Teams users have been discovered.

The attacker first uses the leaked Office 365 account to send an email containing a malicious attachment to the user and marks the attachment as a ZIP file that "adjusts the holiday schedule".

After the user clicks on the ZIP file, the download process is automatically initiated from SharePoint URL, which contains the LNK file disguised as an PDF document.

It is reported that hackers hijacked "Akkaravit Tattamanas" (63090101@my.buu.ac.th) and "ABNER DAVID RIVERA ROJAS" (adriverar@unadvirtual.edu.co) accounts, hidden malicious VBScript in LNK files, and then deployed malware called DarkGate Loader.

Because SharePoint URL is used in the download process of ZIP files, the complex activities exploited by hackers make it difficult for users to detect violations. In addition, the code is hidden in the middle of the file, making it difficult for mainstream software killers to detect malware in precompiled scripts.

CTOnews.com attaches a link to the security report here, which interested users can click to read in depth.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.