

Rewterz Threat Alert : ‘Love You’ MalSpam campaign dropping Grandcrab Ransomware, Phorpiex Spambot and Cryptocurrency miner
January 15, 2019
Rewterz Threat Alert – A flaw in vCard processing could Allow Hackers to Compromise a Windows PC
January 16, 2019
SEVERITY: Medium
ANALYSIS SUMMARY
After a break, an Office 365 phishing email campaign has resurfaced. It asks users to click a link that redirects them to a phishing site that looks exactly like an Office 365 page and asks for their credentials.
Users are sent a phishing email telling them that their account has been temporarily disabled or that they have limited access to the account. This campaign was previously active in 2018 and has resurfaced after a gap of a few months.
This email would look like this.
The malicious phishing page demands credentials and personal information, which can be used in various kinds of malicious activities.
IMPACT
- Exposure of personal information
- System Access
INDICATORS OF COMPROMISE
Email Address
kurasi[@]sv342[.]xserver[.]jp
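One way to check mail for the sender address listed above, as an added example that is not part of the original alert: it refangs the published indicator and compares it with the parsed sender headers of each message, so a mention of the address in a subject or body does not count as a hit. The header list, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Indicator exactly as published in this alert (defanged form).
DEFANGED_IOCS = ["kurasi[@]sv342[.]xserver[.]jp"]

# Headers that can carry a sender address; this selection is an assumption.
SENDER_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")


def refang(indicator):
    """Turn a defanged indicator such as a[@]b[.]c back into a@b.c."""
    return re.sub(r"\[([@.])\]", r"\1", indicator).strip().lower()


IOC_ADDRESSES = {refang(i) for i in DEFANGED_IOCS}


def matching_headers(raw_message):
    """Return sorted (header, address) pairs whose address equals a listed IoC."""
    msg = message_from_string(raw_message)
    hits = set()
    for header in SENDER_HEADERS:
        # getaddresses() strips display names, so a trusted-looking name
        # in front of the address does not hide it.
        for _name, address in getaddresses(msg.get_all(header, [])):
            if address.strip().lower() in IOC_ADDRESSES:
                hits.add((header, address.strip().lower()))
    return sorted(hits)


# Constructed sample messages, not taken from the campaign.
SAMPLE_SUSPECT = (
    "From: Office 365 Support <Kurasi@SV342.xserver.jp>\n"
    "Return-Path: <kurasi@sv342.xserver.jp>\n"
    "Subject: Account temporarily disabled\n\n"
    "Sign in to restore access.\n"
)
SAMPLE_BENIGN = (
    "From: IT Helpdesk <helpdesk@example.com>\n"
    "Subject: Block request for kurasi@sv342.xserver.jp\n\n"
    "Please block kurasi[@]sv342[.]xserver[.]jp at the gateway.\n"
)

if __name__ == "__main__":
    for label, raw in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, matching_headers(raw))
```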
REMEDIATION
- Users are strictly advised not to click on any link or document received from any unknown sender.
- Moreover, never use the same password for multiple platforms, because if one password is compromised, multiple accounts can be accessed.
- Do not ‘unsubscribe’ from suspicious emails. Bots can use the unsubscribe request to confirm that the account is active. Simply mark unexpected emails as ‘spam’.