New Trickbot Delivery Method Focuses on Windows 10
Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.
Researchers have identified the use of Windows 10 functionality to automatically execute the OSTAP JavaScript downloader on victim machines. In their investigation, they found other attack groups abusing the same control, and earlier controls, with a slightly different technique.
The functionality being exploited is the latest version of the remote desktop ActiveX control class introduced for Windows 10, Morphisec Labs analysts explain in a blog post. Over the past few weeks, they have identified "a couple dozen documents" that execute the OSTAP JavaScript downloader.
Attackers use the ActiveX control to automatically execute a malicious macro after a victim enables a document. Most documents held an image to convince people to enable the content. Doing this executed the malicious macro; however, the image also concealed an ActiveX control below it. The OSTAP downloader is hidden in white text so it's invisible to people but can be read by machines. Researchers report this technique will work only on Windows 10 devices.
"As newer features are introduced to a constantly updating OS, so too the detection vendors need to update their techniques to protect the system," according to the blog post. "This often creates very exhaustive and time-consuming work, which in turn can lead to the opposite effect of pushing defenders even farther behind the attacker." Trickbot attackers are taking advantage of this.
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "How to Prevent an AWS Cloud Bucket Data Leak."
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024