2023-12-14
BazaCall Phishing Scammers Now Leveraging Google Forms for Deception
The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility.

The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a report published today.

BazaCall (aka BazarCall), which was first observed in 2020, refers to a series of phishing attacks in which email messages impersonating legitimate subscription notices are sent to targets, urging them to contact a support desk to dispute or cancel the plan, or risk getting charged anywhere between $50 to $500.

By inducing a false sense of urgency, the attacker convinces the target over a phone call to grant them remote access capabilities using remote desktop software and ultimately establish persistence on the host under the guise of offering help to cancel the supposed subscription.

Some of the popular services that are impersonated include Netflix, Hulu, Disney+, Masterclass, McAfee, Norton, and GeekSquad.

In the latest attack variant detected by Abnormal Security, a form created using Google Forms is used as a conduit to share details of the purported subscription.

It's worth noting that the form has its response receipts enabled, which sends a copy of the response to the form respondent by email, so that the attacker can send an invitation to complete the form themselves and receive the responses.

"Because the attacker enabled the response receipt option, the target will receive a copy of the completed form, which the attacker has designed to look like a payment confirmation for Norton Antivirus software," security researcher Mike Britton said.

The use of Google Forms is also clever in that the responses are sent from the address "forms-receipts-noreply@google[.]com," which is a trusted domain and, therefore, have a higher chance of bypassing secure email gateways, as evidenced by a recent Google Forms phishing campaign uncovered by Cisco Talos last month.

"Additionally, Google Forms often use dynamically generated URLs," Britton explained. "The constantly changing nature of these URLs can evade traditional security measures that utilize static analysis and signature-based detection, which rely on known patterns to identify threats."

Threat Actor Targets Recruiters With More_eggs Backdoor

The disclosure arrives as Proofpoint revealed a new phishing campaign that's targeting recruiters with direct emails that ultimately lead to a JavaScript backdoor known as More_eggs.

The enterprise security firm attributed the attack wave to a "skilled, financially motivated threat actor" it tracks as TA4557, which has a track record of abusing legitimate messaging services and offering fake jobs via email to ultimately deliver the More_eggs backdoor.

"Specifically in the attack chain that uses the new direct email technique, once the recipient replies to the initial email, the actor was observed responding with a URL linking to an actor-controlled website posing as a candidate resume," Proofpoint said.

"Alternatively, the actor was observed replying with a PDF or Word attachment containing instructions to visit the fake resume website."

More_eggs is offered as malware-as-a-service, and is used by other prominent cybercriminal groups like Cobalt Group (aka Cobalt Gang), Evilnum, and FIN6. Earlier this year, eSentire linked the malware to two operators from Montreal and Bucharest.