New Trickbot Delivery Method Focuses on Windows 10

  /     /     /  
Publicated : 23/11/2024   Category : security

New Trickbot Delivery Method Focuses on Windows 10


Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.


Researchers have identified the use of Windows 10 functionality to automatically execute the OSTAP JavaScript downloader on victim machines. In their investigation, they found other attack groups abusing the same control, and earlier controls, with a slightly different technique.
The functionality being exploited is the latest version of the remote desktop ActiveX control class introduced for Windows 10, Morphisec Labs analysts explain in a blog post. Over the past few weeks, they have identified a couple dozen documents that execute the OSTAP JavaScript downloader.
Attackers use the ActiveX control to automatically execute a malicious macro after a victim enables a document. Most documents held an image to convince people to enable the content. Doing this executed the malicious macro; however, the image also concealed an ActiveX control below it. The OSTAP downloader is hidden in white text so its invisible to people but can be read by machines. Researchers report this technique will work only on Windows 10 devices.
As newer features are introduced to a constantly updating OS, so too the detection vendors need to update their techniques to protect the system, according to the blog post. This often creates very exhaustive and time-consuming work, which in turn can lead to the opposite effect of pushing defenders even farther behind the attacker. Trickbot attackers are taking advantage of this.
Read more details
here
.
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays featured story:
How to Prevent an AWS Cloud Bucket Data Leak
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
New Trickbot Delivery Method Focuses on Windows 10