Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


August Malicious Program Attempts at Filching Credentials

During November this year, Proofpoint the security company detected one sinister Trojan known as August.

As per security researchers of that company, August malicious program aims attack on retail firms' customer service employees by sending them phishing e-mails crafted for appearing as customer complaints alternatively any usual business correspondence. For infecting the users, the malware resorts to PowerShell and Word macros, while the final payload tries filching the victims' information-full documents and user credentials. Securityintelligence.com posted this, December 12, 2016.

Reportedly, a lot of the e-mail headers and baits used relied on references to problems arising from purchases, actually phony, via the retail firm's portal, while were made to aim at persons who possibly could give supportive evidences for those problems. Moreover, the baits as well indicated that a given attachment carried thorough details of the problem.

When installed, August carries out a variety of automated checks so as for sieving sandbox environments as well as bypassing security products. Thereafter, the macro malware searches for the API (application program interface) namely Maxmind IP-to-geolocation; file counts; task names and task counts.

The e-mails looked personalized because their headers mentioned the domain of the recipient. Instances of such headers read "Need help with order on [recipient's domain];" "[recipient's domain] -Help: Items vanish from the cart before checkout;" and "Erroneous charges from [recipient's domain]."

Nonetheless, the attached files indeed carry macros capable of downloading and planting the August malware. When planted, it begins digging out various information items, including pilfering bitcoin wallets, RDP and messenger credentials, FTP credentials, wallet files, as well as passwords and cookies from Outlook, Thunderbird, Chrome and Firefox.

In another report by Symantec titled "The Increased Use of PowerShell in Attacks," there's mention of the wide utilization of one particular tool namely 'task automation accompanied with configuration management,' which serves as attack vector. This method has been so effective that 95.4% of all 111 malware categories assessed within the report utilized PowerShell. Seemingly, this attack vector will continue through the coming times.

As for the techniques which August employs, the malware is hard in spotting whether at the endpoint or the gateway.

» SPAMfighter News - 12/19/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page