A phishing campaign has been uncovered that is attempting to infect Windows PCs with two different trojan malware families.
As identified by researchers at Netskope, the campaign started around April. It consists of a phishing email about an invoice, which asks the recipient to open an attached ISO file for further details, playing on their curiosity so that they step into the trap to get more information.
The malicious payload, one of two malware families, either LokiBot or Nanocore, is delivered to the victim through the ISO file. It provides the attacker with a backdoor on the infected Windows PC, enabling them to access or steal data and to install additional malicious payloads. Nanocore is more dangerous if used, as it also steals clipboard contents and keystrokes.
According to the researchers, they have identified 10 different variants of the campaign, using different emails and ISO files.
The ISO files the attackers use range in size from 1MB to 2MB, and each contains an executable, which is itself the malicious payload that does the work for them.
The attackers use the ISO disk image format because it is an uncommon file format to send over email and is therefore often whitelisted by email security providers, which gives them a better chance of reaching their targets.
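A mail filter can catch the pattern described above by inspecting attachment content instead of trusting the file type. The following is an added example, not code from Netskope or from the original article: it identifies ISO 9660 images by their volume descriptor, lists the root directory, and flags any attachment holding an executable. The function names, the extension list and the sample message are assumptions constructed for illustration, and only the primary volume descriptor and a one-sector root directory are read (Joliet and UDF names are not handled).

```python
import struct
from email.message import EmailMessage

SECTOR = 2048
RISKY_EXT = (".exe", ".scr", ".com", ".pif")  # assumption: extensions treated as executable

def iso_root_files(data: bytes) -> list[str]:
    """File names in the root directory of an ISO 9660 image, or [] if not an ISO."""
    pvd = 16 * SECTOR  # the primary volume descriptor lives in sector 16
    if len(data) < pvd + SECTOR or data[pvd:pvd + 6] != b"\x01CD001":
        return []
    lba, size = struct.unpack_from("<I4xI", data, pvd + 156 + 2)  # root dir extent, length
    pos, end, names = lba * SECTOR, min(lba * SECTOR + size, len(data)), []
    while pos + 33 <= end and data[pos]:  # a zero length byte ends the record list
        flags, name_len = data[pos + 25], data[pos + 32]
        if not flags & 2:  # bit 1 set = directory, which also covers '.' and '..'
            raw = data[pos + 33:pos + 33 + name_len]
            names.append(raw.decode("ascii", "replace").split(";")[0])  # drop ';1' version
        pos += data[pos]
    return names

def flag_iso_attachments(msg: EmailMessage) -> list[tuple]:
    """(filename, size, executables) for each attachment that is an ISO holding an executable."""
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        risky = [n for n in iso_root_files(data) if n.lower().endswith(RISKY_EXT)]
        if risky:  # matched on content, so renaming the attachment does not hide it
            hits.append((part.get_filename(), len(data), risky))
    return hits

def _rec(name: bytes, lba: int, size: int, flags: int = 0) -> bytes:
    """Build one directory record; used only for the constructed sample below."""
    body = (struct.pack("<I", lba) + struct.pack(">I", lba) + struct.pack("<I", size)
            + struct.pack(">I", size) + bytes(7) + bytes([flags, 0, 0, 1, 0, 0, 1, len(name)]) + name)
    body += bytes(len(body) % 2)  # records are padded to an even length
    return bytes([len(body) + 2, 0]) + body

def sample_message() -> EmailMessage:
    """Constructed sample: an 'invoice' mail carrying a tiny ISO with INVOICE.EXE inside."""
    root = _rec(b"\x00", 17, SECTOR, 2) + _rec(b"\x01", 17, SECTOR, 2) + _rec(b"INVOICE.EXE;1", 18, 64)
    pvd = (b"\x01CD001\x01" + bytes(149) + _rec(b"\x00", 17, SECTOR, 2)).ljust(SECTOR, b"\x00")
    iso = bytes(16 * SECTOR) + pvd + root.ljust(SECTOR, b"\x00") + b"MZ".ljust(SECTOR, b"\x00")
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(iso, maintype="application", subtype="octet-stream", filename="invoice.iso")
    return msg

if __name__ == "__main__":
    print(flag_iso_attachments(sample_message()))
```

The reported size lets a policy combine this check with the 1MB to 2MB range noted above, since a disk image that small holding a single executable is unusual for legitimate mail.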