Industry News  Advanced Cyber Attack: .JSE and PowerShell Used to Deploy Agent Tesla and XLoader
Industry News

Advanced Cyber Attack: .JSE and PowerShell Used to Deploy Agent Tesla and XLoader

SecuredyouadmSecuredyouadmApril 18, 20250
PinterestLinkedInTumblrRedditVKWhatsApp
More stories



A recent multi-stage attack has been detected, delivering various malware families such as Agent Tesla variants, Remcos RAT, and XLoader. According to Palo Alto Networks Unit 42 researcher Saqib Khanzada, attackers are increasingly using complex delivery mechanisms to evade detection and ensure successful payload delivery. The attack begins with a deceptive email posing as an order request, containing a malicious 7-zip archive attachment with a JavaScript encoded (.JSE) file.

Upon launching the JavaScript payload, a PowerShell script is downloaded from an external server, initiating the infection sequence. This script contains a Base64-encoded payload that is decrypted, written to the Windows temporary directory, and executed. Subsequently, a next-stage dropper is introduced, which can be compiled using .NET or AutoIt, leading to the deployment of malware like Agent Tesla variants or XLoader.

The attacker employs multiple execution paths to increase resilience and evade detection, focusing on a multi-layered attack chain rather than sophisticated obfuscation. This approach complicates analysis and detection efforts, making it challenging to identify and mitigate the threat. By utilizing simple stages stacked together, attackers can create resilient attack chains that are harder to detect.

In a separate campaign, Kaspersky detailed a new version of a malware called MysterySnail RAT, targeting government organizations in Mongolia and Russia. The threat actor behind this activity, IronHusky, has been active since at least 2017 and was previously linked to zero-day exploitation to deliver MysterySnail. The infections originate from a malicious Microsoft Management Console (MMC) script distributed through a lure document, sideloading a malicious DLL to communicate with attacker-controlled infrastructure.

The latest version of MysterySnail RAT observed by Kaspersky is capable of accepting nearly 40 commands, enabling various malicious activities such as file management, process execution, service management, and network resource connection. Following preventive actions by affected companies to block intrusions, a lighter version of the malware called MysteryMonoSnail was dropped by attackers with reduced capabilities. This ongoing threat landscape underscores the importance of robust cybersecurity measures to protect against evolving and sophisticated attacks.



Source link

PinterestLinkedInTumblrRedditVKWhatsApp

Securedyouadm

Cybersecurity Engineer, Senior
Chinese Smishing Kit Fuels Nationwide Toll Fraud Scheme in 8 U.S. States

A sophisticated smishing kit developed by Chinese hackers has been identified as the driving force behind a widespread toll fraud campaign targeting users in 8 states across the United States. Smishing, a form of phishing that utilizes SMS messages to deceive recipients into divulging personal information or downloading malicious software, has been increasingly used by cybercriminals to carry out fraudulent activities.

This particular campaign, which has affected users in states such as California, Texas, and New York, aims to deceive individuals into unknowingly racking up exorbitant toll charges by clicking on fraudulent links sent via text messages. The Chinese smishing kit allows hackers to easily create convincing messages that appear to be from legitimate sources, making it easier to trick unsuspecting users into falling for their schemes.

The toll fraud scheme not only poses a financial threat to affected individuals but also raises concerns about the security of personal information. By clicking on these malicious links, users risk exposing sensitive data that can be used for identity theft or other nefarious purposes. The widespread nature of this campaign underscores the importance of staying vigilant against cyber threats and taking precautions to protect one’s personal information.

Law enforcement agencies and cybersecurity experts are working diligently to track down the perpetrators behind this toll fraud campaign and prevent further damage to users. In the meantime, it is crucial for individuals to be cautious when receiving unsolicited messages and to refrain from clicking on any suspicious links. By remaining vigilant and informed about the latest cybersecurity threats, users can better protect themselves from falling victim to scams like these.

As technology continues to evolve, so too do the tactics used by cybercriminals to exploit vulnerabilities and carry out fraudulent activities. The Chinese smishing kit powering this toll fraud campaign serves as a stark reminder of the importance of cybersecurity awareness and the need for proactive measures to safeguard personal information in an increasingly digital world.
Related posts
Load more
Leave a Reply

Your email address will not be published. Required fields are marked *

Read also
Load more