Phishing, Malware, Threat Intelligence
New DBatLoader campaign sets sights on Turkey

Turkish Windows users have been targeted by a new phishing campaign spreading the ModiLoader malware, also known as DBatLoader, reports GBHackers News. Attackers distributed malicious emails purporting to be from a Turkish bank, each carrying a malicious attachment masquerading as a transaction history. When executed, the attachment triggered a multi-stage infection mechanism leading to the injection of the .NET-based SnakeKeylogger information-stealing malware, a report from the AhnLab Security Intelligence Center (ASEC) revealed. After being deployed under the guise of a mercurymail program within a legitimate process, SnakeKeylogger facilitates the gathering and exfiltration of user credentials to a Telegram bot controlled by the threat actors. The findings show advanced exploitation of legitimate Windows processes and tools to covertly compromise targeted systems, according to ASEC researchers, who called on users not only to be vigilant about email attachments but also to ensure they implement cybersecurity hygiene practices.