New Trickbot Delivery Method Focuses on Windows 10

Published : 23/11/2024   Category : security




Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.



Researchers have identified the use of Windows 10 functionality to automatically execute the OSTAP JavaScript downloader on victim machines. In their investigation, they found other attack groups abusing the same control, and earlier controls, with a slightly different technique.
The functionality being exploited is the latest version of the remote desktop ActiveX control class introduced for Windows 10, Morphisec Labs analysts explain in a blog post. Over the past few weeks, they have identified a couple dozen documents that execute the OSTAP JavaScript downloader.
Attackers use the ActiveX control to automatically execute a malicious macro after a victim enables a document. Most documents held an image to convince people to enable the content. Doing this executed the malicious macro; however, the image also concealed an ActiveX control below it. The OSTAP downloader is hidden in white text, so it's invisible to people but can be read by machines. Researchers report this technique will work only on Windows 10 devices.
As newer features are introduced to a constantly updating OS, so too the detection vendors need to update their techniques to protect the system, according to the blog post. This often creates very exhaustive and time-consuming work, which in turn can lead to the opposite effect of pushing defenders even farther behind the attacker. Trickbot attackers are taking advantage of this.
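A defender-side triage check for the combination described above (macro project, embedded ActiveX part, and a large run of white text), as an added example that is not from the article or from Morphisec. It assumes the document is in OOXML format (.docx/.docm); the function names, the 200-character threshold and the sample file are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{" + NS + "}"
MAX_XML_BYTES = 20 * 1024 * 1024  # refuse oversized parts (zip-bomb guard)

def triage(data: bytes, min_white_chars: int = 200) -> dict:
    """Report macro, ActiveX and white-text indicators for an OOXML Word file."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if z.getinfo("word/document.xml").file_size > MAX_XML_BYTES:
            raise ValueError("document.xml too large")
        body = z.read("word/document.xml")
    if b"<!DOCTYPE" in body:  # Word's own output carries no DTD; blocks entity tricks
        raise ValueError("unexpected DOCTYPE in document.xml")
    white = 0
    for run in ET.fromstring(body).iter(W + "r"):
        color = run.find(f"{W}rPr/{W}color")
        if color is not None and color.get(W + "val", "").upper() == "FFFFFF":
            white += sum(len(t.text or "") for t in run.iter(W + "t"))
    result = {
        "has_macro": any(n.endswith("vbaProject.bin") for n in names),
        "activex_parts": sorted(n for n in names if re.match(r"word/activeX/[^/]+\.xml$", n)),
        "white_text_chars": white,
    }
    # Assumed heuristic: flag only when all three indicators occur together.
    result["suspicious"] = bool(result["has_macro"] and result["activex_parts"]
                                and white >= min_white_chars)
    return result

def build_sample(white_text: str, macro: bool, activex: bool) -> bytes:
    """Constructed test input: a minimal OOXML-shaped zip with placeholder parts."""
    doc = (f'<w:document xmlns:w="{NS}"><w:body><w:p>'
           "<w:r><w:t>Enable content to view</w:t></w:r>"
           '<w:r><w:rPr><w:color w:val="FFFFFF"/></w:rPr>'
           f"<w:t>{white_text}</w:t></w:r></w:p></w:body></w:document>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        if macro:
            z.writestr("word/vbaProject.bin", b"placeholder")
        if activex:
            z.writestr("word/activeX/activeX1.xml", "<placeholder/>")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample("x" * 500, macro=True, activex=True)))
```

The check only matches text colored exactly `FFFFFF`; theme colors or near-white values would need additional handling.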
