
"The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared with The Hacker News.
"Once executed, the malware deploys a multi-purpose toolkit that combines credential theft, data exfiltration, and Monero cryptocurrency mining for maximum monetization."
"The initial dropper file is a Visual Basic Script (VBScript) that, upon opening, displays a bogus French-language error message, fooling message recipients into thinking that the file is corrupted."
"Notably, out of the script's 224,471 lines, only 266 lines contain actual executable code. The rest of the script is filled with junk comments featuring random English sentences, inflating the size of the file to 9.7MB."
A phishing campaign, codenamed FAUX#ELEVATE, targets French-speaking corporate environments using fake resumes to deliver malware. The malware arrives as VBScript files disguised as resume/CV documents and deploys a toolkit for credential theft, data exfiltration, and Monero mining. It utilizes legitimate services like Dropbox and Moroccan WordPress sites for command-and-control operations. The initial dropper file shows users a fake error message suggesting the file is corrupted, while it executes obfuscated code to evade detection. The script contains minimal executable code, with most lines filled with junk comments to increase file size.
Read at The Hacker News
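
The comment padding described above lends itself to a simple triage check on script attachments. The following is an added example, not code from the Securonix report or The Hacker News: it counts pure-comment lines against executable lines in a VBScript file and flags large scripts that are almost entirely comments. The function names and both thresholds are assumptions to tune locally, and the sample input is constructed.

```python
import re
from dataclasses import dataclass

# A VBScript line is a pure comment if it starts with ' or with the Rem keyword.
# "Remaining = 3" is code, so Rem must be followed by whitespace or end of line.
COMMENT_RE = re.compile(r"^\s*(?:'|rem(?:\s|$))", re.IGNORECASE)

@dataclass
class PaddingReport:
    total_lines: int
    comment_lines: int
    code_lines: int
    code_ratio: float
    suspicious: bool

def analyze_vbs(lines, min_lines=1000, max_code_ratio=0.01):
    """Classify each line; thresholds are assumed defaults, not from the report."""
    total = comments = code = 0
    for line in lines:  # any iterable works, so a multi-megabyte file can be streamed
        total += 1
        if not line.strip():
            continue  # blank lines are neither code nor comment
        if COMMENT_RE.match(line):
            comments += 1
        else:
            code += 1  # includes code lines that carry a trailing comment
    ratio = code / total if total else 0.0
    suspicious = total >= min_lines and code > 0 and ratio <= max_code_ratio
    return PaddingReport(total, comments, code, ratio, suspicious)

def build_constructed_sample(junk=5000):
    """Constructed sample: four harmless statements buried in junk comments."""
    code = ["Dim msg", "Remaining = 3", "msg = \"hello\" ' trailing comment",
            "WScript.Echo msg"]
    step = junk // len(code)
    out = []
    for i in range(junk):
        out.append("' The weather was pleasant and the train arrived on time %d" % i)
        if i % step == 0 and code:
            out.append(code.pop(0))
    return out

if __name__ == "__main__":
    print(analyze_vbs(build_constructed_sample()))
    # To scan a real file: analyze_vbs(open(path, errors="replace"))
```

With the figures quoted above (266 executable lines out of 224,471), the code ratio is about 0.12%, well under the assumed 1% threshold.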