"Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files are disguised as requests and bids from potential customers or partners."
"The threat actors behind the operations have demonstrated their active development of the JavaScript payload, making significant changes during the course of the campaign. This adaptability shows their efforts to continually enhance the effectiveness of the malware distribution."
"In some instances, the ZIP archive has been found to contain other documents related to the organization or individual being impersonated to increase the likelihood of success of the phishing attack and dupe recipients."
"The newly downloaded script proceeds to fetch several other files, including the NetSupport RAT malware, which establishes contact with a command-and-control (C2) server set up by the attackers."