Beware Of Phishing Emails Prompting Execution Via Paste (CTRL+V)

5 June 2024

Phishing attackers are distributing malicious HTML files as email attachments, containing code designed to exploit users by prompting them to directly paste and execute the code, which leverages social engineering, as users are tricked into running the malicious code themselves by pasting it into a vulnerable application. A phishing campaign uses social engineering tactics by employing email subjects that trigger a sense of urgency (e.g., fee processing, operation instruction reviews), containing malicious HTML attachments disguised as legitimate Microsoft Word documents. Phishing emails Upon opening the attachment, the user is presented with a deceptive message visually resembling a Word document, which typically includes a button labeled “How to Fix” or similar, serving as the social engineering lure.

Source: GBHackers

Date:

5 June 2024

Categorie(s):

NEWS

Tag(s):

Cyber Security News, Cybersecurity Awareness, Email Security, Execution, Identity Theft

Scumbag puts ‘stolen’ Nokia source code, SSH and RSA keys, more up for sale6 November 2024
Canada arrests suspected hacker over breach of 160+ Snowflake users’ data6 November 2024
Cyberthreats linked to foreign actors aim to hinder Election Day proceedings5 November 2024
DocuSign’s API used to lure victims into e-signing fake invoices5 November 2024
Schneider Electric ransomware crew demands $125k paid in baguettes5 November 2024