Microsoft warns of threats targeting organizations with malicious ISO and IMG files that aim to deliver a remote access Trojan.

Microsoft's machine learning based threat detection models have detected multiple spam campaigns that spread malware through ISO attachments.

Last week, Microsoft experts discovered a COVID-19-themed spam campaign whose lure messages entice users to download and open ISO or IMG attachments. The ISO or IMG files carry a strain of the Remcos Remote Access Trojan (RAT).

The campaigns were sector-specific and used COVID-19-themed lures; the Remcos campaigns appear to be kept limited and short-lived in order to stay undetected.

For example, we found a Remcos campaign that goes after small companies that want to get a disaster recovery loan. An e-mail posing as a message from the U.S. Small Business Administration contains a malicious IMG (disk image) attachment that leads to the infamous Remcos RAT.

– Microsoft Security Intelligence Service (@MsftSecIntel), May 2020

We also saw a campaign aimed at manufacturing companies in South Korea. The attackers sent an e-mail to the target organization posing as the CDC (Health Alert Network – HAN), containing malicious ISO file attachments. The ISO file contains a malicious SCR file – Remcos.

A recent Remcos campaign aimed at accountants in the United States with e-mails containing COVID-19 updates for members of the American Institute of Accountants. The attachment is a ZIP archive containing an ISO file, which in turn contains a malicious SCR file with a deceptive icon.

– Microsoft Security Intelligence Service (@MsftSecIntel), May 2020

Among the largest spam campaigns monitored by Microsoft are attacks on small businesses in the United States, manufacturing companies in South Korea and accountants in the United States.

In the campaign against small businesses in the US, messages purporting to come from the US Small Business Administration (SBA) carried a malicious IMG (disk image) attachment. The IMG file contained an executable with a misleading PDF icon that, once run, ultimately leads to a Remcos RAT infection.

In the campaign aimed at South Korean manufacturing companies, the threat actors posed as the Health Alert Network (HAN) run by the CDC. The attacks used ISO attachments containing a malicious SCR file that installs the Remcos RAT.

The third campaign observed by Microsoft targeted accountants in the United States, again using COVID-19 as bait. The messages purported to deliver updated COVID-19 information to members of the US CPA Institute. In this case, the attackers used a ZIP archive containing an ISO file, which in turn contained a malicious SCR file with a misleading icon.
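The attachment chain above (a disk image the user is tricked into opening, containing an SCR executable behind a document-style icon) is something a mail gateway can check before delivery by listing what the image actually contains rather than trusting the outer file type. The following Python is an added example, not code from the article or from Microsoft: a minimal ISO 9660 root-directory walker that flags executable-type entries, run against a constructed sample image. The lure file name SBA_FORM.SCR, the extension deny-list and the sample image contents are assumptions.

```python
import struct

SECTOR = 2048
RISKY_EXT = {"SCR", "EXE", "LNK", "BAT", "CMD", "JS", "VBS", "PIF"}  # assumed deny-list

def _dir_record(name, lba, size, flags):
    """Build one ISO 9660 directory record (used only to construct the sample image)."""
    ident = name.encode("ascii")
    rec = bytearray(33 + len(ident))
    rec[2:18] = struct.pack("<I", lba) + struct.pack(">I", lba) + struct.pack("<I", size) + struct.pack(">I", size)  # both-endian
    rec[25] = flags                                   # bit 1 set = directory
    rec[32], rec[33:] = len(ident), ident
    rec += b"\x00" * (len(rec) % 2)                   # records are padded to an even length
    rec[0] = len(rec)
    return bytes(rec)

def build_sample_iso():
    """Constructed minimal image: PVD in sector 16, terminator in 17, root directory in 18."""
    root = _dir_record("\x00", 18, SECTOR, 2) + _dir_record("\x01", 18, SECTOR, 2)  # "." and ".."
    root += _dir_record("README.TXT;1", 19, 12, 0)
    root += _dir_record("SBA_FORM.SCR;1", 20, 4096, 0)  # assumed lure: executable with a PDF-style icon
    pvd = bytearray(b"\x01CD001\x01").ljust(SECTOR, b"\x00")   # type 1 = primary volume descriptor
    pvd[156:190] = _dir_record("\x00", 18, SECTOR, 2)          # root directory record at offset 156
    term = bytearray(b"\xffCD001").ljust(SECTOR, b"\x00")      # volume descriptor set terminator
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root.ljust(SECTOR, b"\x00") + bytes(2 * SECTOR)

def list_root_files(iso):
    """Walk the root directory of an ISO 9660 image and return (name, is_dir) tuples."""
    pvd = iso[16 * SECTOR:17 * SECTOR]
    if pvd[:6] != b"\x01CD001":
        raise ValueError("not an ISO 9660 image")
    lba, size = struct.unpack_from("<I4xI", pvd, 158)  # root record: LE extent at +2, LE length at +10
    data, off, entries = iso[lba * SECTOR:lba * SECTOR + size], 0, []
    while off < len(data):
        rlen = data[off]
        if rlen == 0:                                  # zero length: rest of this sector is padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        ident = data[off + 33:off + 33 + data[off + 32]]
        if ident not in (b"\x00", b"\x01"):            # skip the "." and ".." entries
            entries.append((ident.decode("ascii").split(";")[0], bool(data[off + 25] & 2)))
        off += rlen
    return entries

def triage(iso):
    """Executable-type files in the image root: what a mail gateway should flag and quarantine."""
    return [name for name, is_dir in list_root_files(iso)
            if not is_dir and name.rsplit(".", 1)[-1].upper() in RISKY_EXT]
```

The same walker applies to an ISO extracted from a ZIP attachment, which covers the nested ZIP-to-ISO-to-SCR chain of the third campaign.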

COVID-19 malspam

At the time of writing the ultimate goal of the malspam campaigns is not clear; the common elements are the targeting of specific sectors and the use of COVID-19 as bait for the malspam.


Pierluigi Paganini

(Security Affairs – COVID-19, malspam)