Malware, Threat Intelligence

Novel multi-stage malware campaign stealthily targets Pakistan


More refined obfuscation tactics have been leveraged in a new multi-stage malware campaign targeted at the employees of Pakistan's Punjab Safe Cities Authority and Punjab Police Integrated Command, Control & Communication Centre, GBHackers News reports.

Threat actors masquerading as an internal consultant have delivered high-priority spear-phishing emails with the "Safe Jail Project" title that included a Word document and a PDF file, both of which had misspelled file names, findings from a Joe Sandbox report showed. Included in the Word file is an illicit VBA macro that downloads the "code.exe" payload upon content activation while concealing malicious code via VBA stomping.

Meanwhile, opening the PDF triggers a bogus Adobe Reader error message that includes an "Update PDF Reader" button, which, when clicked, prompts the download of a nefarious ClickOnce app that retrieves the secondary "Adobe.exe" payload. Aside from executing "code.exe" to allow persistence via Microsoft Visual Studio Code tunneling, the malware also taps Discord webhooks to facilitate data compromise.
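A triage sketch for the two behaviours described above (a "code.exe" started for Visual Studio Code tunneling, and Discord webhook traffic), added here as an example and not taken from the Joe Sandbox report. The event format, host names, paths and sample events are constructed, and the install directories are the default VS Code locations, which is an assumption about the environment.

```python
import re
from collections import defaultdict

# Default VS Code install locations (assumption about the environment).
VSCODE_DIRS = ("c:\\program files\\microsoft vs code\\",
               "\\appdata\\local\\programs\\microsoft vs code\\")
# Discord webhook endpoints, including the legacy discordapp.com host.
WEBHOOK_RE = re.compile(r"^https://(?:[a-z]+\.)?discord(?:app)?\.com/api/webhooks/", re.I)

# Constructed sample events in a simplified, hypothetical EDR export format.
EVENTS = [
    {"host": "ws-01", "type": "process", "cmdline": "code.exe tunnel",
     "image": "C:\\Users\\user1\\Downloads\\code.exe"},
    {"host": "ws-01", "type": "http", "image": "C:\\Users\\user1\\Downloads\\Adobe.exe",
     "url": "https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER"},
    {"host": "ws-02", "type": "process", "cmdline": "Code.exe .",
     "image": "C:\\Program Files\\Microsoft VS Code\\Code.exe"},
    {"host": "ws-03", "type": "http", "url": "https://discord.com/api/v9/gateway",
     "image": "C:\\Users\\dev\\AppData\\Local\\Discord\\app-1.0\\Discord.exe"},
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def findings_for(event):
    """Return the list of findings raised by a single event."""
    image = event["image"].lower()
    name = basename(image)
    out = []
    if event["type"] == "process" and name == "code.exe":
        # A binary named code.exe outside the install path is the stronger signal.
        if not any(d in image for d in VSCODE_DIRS):
            out.append("code.exe outside VS Code install path")
        # Tunnels are also used legitimately, so this alone is low confidence.
        if "tunnel" in event.get("cmdline", "").lower().split():
            out.append("VS Code tunnel started")
    elif event["type"] == "http" and WEBHOOK_RE.match(event.get("url", "")):
        if name != "discord.exe":
            out.append("Discord webhook egress from non-Discord process")
    return out

def triage(events):
    """Group findings per host; hosts with several findings go first in review."""
    by_host = defaultdict(set)
    for ev in events:
        by_host[ev["host"]].update(findings_for(ev))
    return {h: sorted(f) for h, f in by_host.items() if f}
```

A host that raises both the tunnel and the webhook finding, as the constructed `ws-01` does, matches the combination the report describes and deserves review before hosts with a single low-confidence hit.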
