Severity
Medium
Analysis Summary
A new phishing campaign uses Google search query redirects with encoded URLs to send potential victims to a phishing landing page designed to collect Microsoft Office 365 credentials. The phishers behind these attacks use URL encoding (also known as percent-encoding), a technique that replaces characters in a URL with a % sign followed by two hexadecimal digits.
This allows the threat actors to hide the phishing page URL from secure email gateways (SEGs) that scan emails for malicious links and content to block potentially dangerous messages.
The phishing email is simple and originates from a compromised email account of a relatively well-known American brand, informing recipients that they have a new invoice awaiting payment.
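The check below is an added example, not part of the original alert: it shows how a mail filter can percent-decode a link's query parameters layer by layer and report any that carry an http(s) URL on a different host. The `/url?q=` link format, the sample target and all function names are assumptions made for illustration.

```python
import re
import string
from urllib.parse import unquote, urlsplit

PCT = re.compile(r"%([0-9A-Fa-f]{2})")
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")  # RFC 3986 unreserved set

def fully_decode(value, max_rounds=5):
    """Percent-decode until the text stops changing (bounded, to cope with nested layers)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def needless_escapes(raw):
    """Count %XX escapes that encode characters which never need escaping."""
    return sum(chr(int(h, 16)) in UNRESERVED for h in PCT.findall(raw))

def hidden_redirects(link):
    """List query parameters whose decoded value is an http(s) URL on a different host."""
    outer = urlsplit(link)
    findings = []
    for pair in outer.query.split("&"):
        name, _, raw = pair.partition("=")
        decoded = fully_decode(raw)
        try:
            target = urlsplit(decoded)
        except ValueError:  # malformed netloc such as an unclosed IPv6 bracket
            continue
        if target.scheme in ("http", "https") and target.hostname and target.hostname != outer.hostname:
            findings.append({"param": fully_decode(name), "target": decoded,
                             "needless_escapes": needless_escapes(raw)})
    return findings

def encode_every_byte(text):
    """Build constructed sample data: percent-encode every byte, reserved or not."""
    return "".join(f"%{b:02X}" for b in text.encode())

# Constructed samples; the /url?q= redirect format and the target are assumptions.
SAMPLE_TARGET = "https://login.example.test/o365"
SAMPLE_LINK = "https://www.google.com/url?q=" + encode_every_byte(SAMPLE_TARGET)
DOUBLE_LINK = "https://www.google.com/url?q=" + encode_every_byte(encode_every_byte(SAMPLE_TARGET))
BENIGN_LINK = "https://www.google.com/search?q=invoice%20template"

if __name__ == "__main__":
    for link in (SAMPLE_LINK, DOUBLE_LINK, BENIGN_LINK):
        print(link[:60], "->", hidden_redirects(link))
```

A high `needless_escapes` count is a useful signal on its own, because ordinary URL producers do not percent-encode letters, digits or dots.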
Impact
- Credential theft
- Exposure of sensitive information
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.