Gmail is spreading a virus disguised as documents
March 30, 2022
Another reason not to open files from unknown sources.
Attackers have found a new way to deliver malware to computers: using email and file formats that users usually open without fear. Diana Lopera, Lead Cybersecurity Specialist at Trustwave, reported this in a blog post.
The scheme is simple. The victim receives a short email that offers to view the data from the attached DOC file (as a rule, it has a simple and relevant name like request.doc). In fact, the "document" is an ISO file: a disk image containing a file in the HTMLHelp format (a context-help format developed by Microsoft) and an EXE application.
The HTMLHelp files themselves are harmless, but they are capable of launching applications in the same directory without the user's knowledge, which becomes extremely dangerous when it comes to viruses.
This technique is used to distribute Vidar, a malicious program that collects personal data from browsers and other applications. Once launched, it connects to command-and-control servers from the open-source social network Mastodon. When data collection is finished, it is able to delete all the files it created, so that the user will not even know that their computer has been infected.
Avoiding this kind of infection is quite easy: do not open attachments from unknown senders (especially from the Spam folder).
Because the scheme relies on Microsoft's proprietary format, macOS users are probably safe for now. This, however, does not exclude the risk of infection with other viruses, including the popular XLoader.
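A mail-filter style check for the disguise described above, as an added example that is not taken from the Trustwave post or this article: it flags attachments whose name ends in a document extension but whose content carries the ISO 9660 signature. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

DOC_EXTS = (".doc", ".docx", ".rtf", ".xls", ".xlsx")   # assumed watch list
ISO_OFFSETS = (0x8001, 0x8801, 0x9001)  # where "CD001" sits in ISO 9660 volume descriptors

def sniff(data: bytes) -> str:
    """Identify a file by its content signature, ignoring its name."""
    if any(data[o:o + 5] == b"CD001" for o in ISO_OFFSETS):
        return "iso9660"
    if data.startswith(bytes.fromhex("d0cf11e0a1b11ae1")):
        return "ole2"   # legacy .doc/.xls container
    if data.startswith(b"PK\x03\x04"):
        return "zip"    # .docx/.xlsx container
    if data.startswith(b"{\\rtf"):
        return "rtf"
    return "unknown"

def disguised_images(raw: bytes) -> list[str]:
    """Return names of attachments with a document extension but disk-image content."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(DOC_EXTS) and sniff(data) == "iso9660":
            hits.append(name)
    return hits

def build_sample() -> bytes:
    """Constructed message: a stub ISO named request.doc plus a stub OLE2 .doc."""
    fake_iso = bytearray(0x8800)
    fake_iso[0x8000:0x8006] = b"\x01CD001"   # primary volume descriptor header only
    real_doc = bytes.fromhex("d0cf11e0a1b11ae1") + bytes(512)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Request"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(bytes(fake_iso), maintype="application",
                       subtype="msword", filename="request.doc")
    msg.add_attachment(real_doc, maintype="application",
                       subtype="msword", filename="invoice.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    print(disguised_images(build_sample()))
```

The check keys on content rather than the declared MIME type, since both sample attachments are declared as application/msword.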