TLDR:
- July 2024 saw new phishing campaigns including SharePoint abuse and DeerStealer malware.
- The SharePoint phishing campaign used the legitimate service to evade detection and steal credentials.
Full Article:
In July 2024, cybersecurity analysts identified several key phishing campaigns, including a SharePoint phishing campaign and the distribution of the Strela stealer malware. The SharePoint campaign abused the legitimate service to evade detection: a PDF file hosted on SharePoint led users to a fake Microsoft login page that stole their credentials. The campaign saw over 500 instances of phishing within 24 hours. The Strela stealer malware was distributed through obfuscated batch files, with the malware exploiting WordPad during execution. Additionally, a campaign disguised the DeerStealer malware as Google Authenticator and hosted it on GitHub, exfiltrating stolen data via HTTP POST requests encrypted with XORed keys. To address evolving attacks, using Suricata IDS in ANY.RUN with FakeNet and a MITM proxy is recommended. Overall, cybersecurity professionals can use the threat intelligence lookup and the ANY.RUN sandbox to analyze and detect phishing and malware campaigns effectively in real time.