Email security, Vulnerability Management, Malware

New WeTransfer phishing attacks involve reemerging Lampion malware

Share

Threat actors have launched a new phishing campaign exploiting the file-sharing service WeTransfer to facilitate the distribution of the Lampion malware, according to BleepingComputer. Cofense researchers discovered that the new campaign involves phishing email recipients being urged to download a WeTransfer "Proof of Payment" document, which is actually a ZIP archive with a Visual Basic Script file necessary for the commencement of the attack. Four scripts were discovered to be created by the WScript process initiated by the VBS file, with the first and second being empty and having little functionality, respectively, while the third script only triggers the fourth, noted researchers. The report also showed that a new WScript process is launched by the fourth script, with the new process facilitating the retrieval of two DLL files from password-protected ZIPs. Lampion malware will then be stealthily executed to commence exfiltration of data and targeting of bank accounts, the report added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.