A new malspam or malicious spam campaign is now targeting the manufacturing and export sectors in India, Seqrite, the enterprise arm of Pune-based IT security firm Quick Heal Technologies, warned on Monday.
The attackers generally use publicly available file hosting services such as Pastebin and Bitly to host their payloads to hide behind legitimate services that remain undetected, said researchers at Seqrite.
The attack begins in the form of a phishing email sent to a genuine user.
This contains MS Office PowerPoint files with a malicious Visual Basic for Applications (VBA) macro.
Cybercriminals use VBA programming in Microsoft Office macros as a medium to spread viruses, worms, and other forms of malware on a computer system.
Post execution, the malware takes advantage of pre-existing legitimate software to download malicious payload from Pastebin and continues to spread the infection.
According to Seqrite, some of the common Remote-Access-Tools used by attackers are Agent Tesla, Remcos RAT, and NanoCore RAT.
Following the tracks of these campaigns since April, the researchers have found that attackers do not restrict themselves to a single geography or vertical.
They also noticed that similar campaigns existed earlier as well that targeted varied organizations including those managed by the government.
The timely detection and blocking of such attack campaigns is essential for maintaining the integrity and trust in the businesses.
Seqrite recommended users to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.
Businesses should consider disabling macros, keep their Operating Systems updated, and have a full-fledged security solution installed on all the devices, the company said.
