Microsoft warned of a new, unique one Malware This can infect your computer with fake legal threats through the websites contact forms. Attackers use legitimate Google URLs to get into a computer system. The target has to log in with their Google credentials for the URLs, which puts the system at risk.
According to Microsoft, the contact forms on websites are being misused hacker Deliver malicious links. A link will be included in the emails so that the target can review the evidence behind the claim. Once they click the link, a malware called IcedID is downloaded which can steal data from their computer systems and also lead to the installation of ransomware. The hackers use google urls to trick the target into believing that the click is safe.
The malicious emails
An example for malicious email is given below:
“Hello. This is Meleena and I’m a trained photographer and illustrator. I was mildly surprised when I saw my images on your website. If you are using a copyrighted image without the owner’s consent, you must be aware that you are.” Can be sued by the copyright owner if the use of stolen images is illegal and so cheap! Here is this document with the links to mine
Images that you have used on (the website) and my previous publications to provide evidence of my legal copyrights. Download it now and see for yourself.
(the malicious link)
If you do not remove the images mentioned in the above document in the next few days. I will send a message to your hosting provider to let them know that my copyrights have been severely infringed and that I am trying to protect my intellectual property. And it doesn’t help me to trust myself that I’m going to take it to court! And you won’t get the second message from me. ”
Microsoft said in the blog post, “After the email recipient signs up, sites.google.com will automatically download a malicious zip file that contains a heavily obfuscated .js file. The malicious .js file is run over WScript to create a shell object to start with Power Shell to download the IcedID user data (a .dat file), which is decrypted by a stored DLL loader, as well as a Cobalt Strike Beacon in the form of a stageless DLL, with which attackers can remotely control the endangered device ”