CyberNews Briefs

Microsoft Warns of Malware Delivery via Google URLs

Microsoft has warned of a new campaign utilizing legitimate website contact forms to target victims with URLs that ultimately deliver a banking Trojan. The attack campaign is delivering the IcedID banking Trojan to businesses via emails containing fake legal threats, creating a sense of urgency and luring victims into clicking malicious links. The campaign consists of attackers targeting businesses by abusing their legitimate corporate contact forms. The campaign has been observed to bypass CAPTCHA protection.

The contact form submission then leads to a malicious email being delivered into the recipient’s mailbox, which appears legitimate due to the fact that it originates from the same email marketing system typically used to spread information to the company employees. The attackers included a legitimate Google URL into the phishing campaign, bringing the reader to a Google page that requires logging in with Google credentials. However, a malicious ZIP file is downloaded instead.

Read More: Microsoft Warns of Malware Delivery via Google URLs

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.