A new hacking campaign has been spotted in which the attackers are abusing legitimate cloud storage services to host malicious payloads.
In a research report, Securonix said that the campaign starts with a phishing email containing a .ZIP archive. When unzipped, the archive delivers an executable file that was made to look like an Excel file. The file name contains a hidden right-to-left override (RLO) Unicode character, which reverses the displayed order of the characters that follow it.
So, instead of seeing the file name as “RFQ-101432620247fl*U+202E*xslx.exe”, the victims will see “RFQ-101432620247flexe.xlsx” and can thus be tricked into thinking they’re opening a spreadsheet file.
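To show how a mail gateway or triage script can catch the file-name trick described above, here is an added example (not code from Securonix or the original article) that flags archive members whose names contain Unicode bidirectional control characters and reports the real extension next to the name a user would see. The function names, the extension list and the sample archive are assumptions constructed for the example.

```python
import io
import unicodedata
import zipfile

# Bidi formatting controls: LRE, RLE, PDF, LRO, RLO, LRI, RLI, FSI, PDI
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
# Assumed, non-exhaustive list of extensions that Windows will execute
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}


def rendered_name(name):
    """Approximate display: text after U+202E is drawn reversed (RLO only, not full bidi)."""
    head, sep, tail = name.partition("\u202e")
    return head + tail[::-1] if sep else name


def inspect_name(name):
    """Return a finding for one file name, or None if it has no bidi controls."""
    found = [c for c in name if c in BIDI_CONTROLS]
    if not found:
        return None
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = "." + stripped.rsplit(".", 1)[-1].lower() if "." in stripped else ""
    return {
        "controls": [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in found],
        "real_ext": real_ext,
        "shown_as": rendered_name(name),
        "executable": real_ext in EXECUTABLE_EXTS,
    }


def scan_zip(data):
    """Inspect every member name of a ZIP archive passed as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        findings = {n: inspect_name(n) for n in zf.namelist()}
    return {n: f for n, f in findings.items() if f}


def build_sample_zip():
    """Constructed sample: empty members, one named as in the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("RFQ-101432620247fl\u202exslx.exe", b"")
        zf.writestr("notes.txt", b"")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample_zip()))
```

Legitimate file names almost never need bidi override characters, so any hit is worth quarantining, and a hit whose real extension is executable is a strong signal.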
Abusing the cloud
The .ZIP archive comes with a couple of additional scripts to make the entire campaign seem more…