Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Drive-by download attack leveraged to deliver LoadPCBanker trojan through Google Sites

Drive-by download attack leveraged to deliver LoadPCBanker trojan through Google Sites

  • The malware is used against victims who speak Portuguese or English.
  • The attack begins with victims receiving phishing emails about a hotel reservation or confirmation.

Cybercriminals are deploying a banking trojan using the file cabinet template built into the Google Sites platform. The malware, dubbed as LoadPCBanker, is used against victims who speak Portuguese or English.

How is the trojan deployed – Security researchers at Netskope discovered that the attackers are leveraging drive-by-download attack to achieve their ultimate goal.

In this campaign, the threat actors first create a new website using Google Sites and then insert payload through the file cabinet template. In the final stage, the malicious URL is sent to potential targets.

How does the attack work – The attack begins with victims receiving phishing emails about a hotel reservation or confirmation. The email includes a link to the malicious site on Google Sites platform.

If a recipient clicks on the link, a file is downloaded that looks like a PDF file. The PDF file is actually the malware disguised as a guesthouse or hotel reservation.

Once the LoadPCBanker is installed, it collects several sensitive data from a victim’s machine. This includes capturing screenshots, stealing clipboard data and recording keystrokes. The malware sends the collected data to a MySQL server controlled by the attackers.

The malware can also steal information about the infected machine.

“During our analysis, we identified that the threat actor was particularly interested in surveilling a specific set of machines and capturing screenshots of the victims’ machines that were compromised from this attack. We derived this because we noticed a lot of infected machine responses, but only a few were being actively surveilled. At the time of writing, the threat actor was actively monitoring 20 infected hosts,” Netskope’s Ashwin Vamshi wrote in a blog post.

The bottom line – Researchers claim that similar malware has been around since early 2014. However, the latest wave of attacks has been ongoing since February 2019. It is unclear if the same group is behind the latest attacks or the source code was shared with other threat actors.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket