Monday, May 16, 2022

Malware Spreading Via Fake Emails claiming US bombed Syria

Kaspersky Lab is currently tracking a spam campaign built around a fake CNN report claiming that the US has started bombing Syria.

When the shortened link in the email is clicked, it leads to an exploit kit that targets vulnerable versions of Adobe Reader and Java. The attackers seem to favor the Java exploit over the Reader exploit because Java exploits are more reliable and have a higher infection rate.

[Image: decompiled Java applet. Photo credit: Kaspersky Lab]

The drive-by exploit downloads a Trojan-Downloader onto the system, which then downloads other variants of malware.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
