AtlasCross hacking group posing as American Red Cross in new phishing scam


Threat actors are always on the lookout for new methods to gain unauthorized access to your devices. Now, according to a recent report from NSFOCUS Security Labs, a new group of hackers named AtlasCross is using sophisticated phishing tactics to pose as the American Red Cross and spread malware through two newly discovered trojans – DangerAds and AtlasAgent.

According to the report, the threat actors start their attacks by sending phishing emails to users on behalf of the American Red Cross, advertising fake events like the “September 2023 Blood Drive.” These emails, however, carry a macro-enabled Word document that purports to contain important information about the donation process. Although Microsoft has long blocked macros in files downloaded from the internet, requiring users to click “Enable Content” before they will run, anyone who inadvertently clicks the button starts the installation of both pieces of malware.
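The lure in this campaign is a macro-enabled Word attachment, so a mail gateway or triage script can flag such files before a user ever sees the “Enable Content” button. The following is an added example written for this article, not code from NSFOCUS or from the report; it relies only on the documented structure of Office Open XML files (a ZIP container whose macro-enabled variant carries a `word/vbaProject.bin` part and declares the macro-enabled content type in `[Content_Types].xml`). The sample documents it builds are constructed stand-ins, not real Word files.

```python
import io
import zipfile

# Content types declared for the main document part of .docx and .docm files.
DOCX_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
MACRO_ENABLED_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
# Part that holds the compiled VBA project in a macro-enabled document.
VBA_PART = "word/vbaProject.bin"


def inspect_office_attachment(data: bytes) -> dict:
    """Return macro indicators for an attachment that may be an Office Open XML file.

    Non-ZIP input (including legacy binary .doc, which is OLE2 rather than ZIP)
    yields is_ooxml=False; such files need a different parser and are not
    handled here.
    """
    result = {"is_ooxml": False, "has_vba_project": False, "declares_macro_enabled": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    names = set(zf.namelist())
    if "[Content_Types].xml" not in names:
        return result  # a ZIP, but not an OOXML package
    result["is_ooxml"] = True
    result["has_vba_project"] = VBA_PART in names
    content_types = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
    result["declares_macro_enabled"] = MACRO_ENABLED_CT in content_types
    return result


def is_macro_enabled(data: bytes) -> bool:
    """True when either indicator is present; either alone is enough to quarantine."""
    r = inspect_office_attachment(data)
    return r["has_vba_project"] or r["declares_macro_enabled"]


def build_sample_document(with_macros: bool) -> bytes:
    """Constructed minimal OOXML-style container for demonstration only (not a real Word file)."""
    main_ct = MACRO_ENABLED_CT if with_macros else DOCX_CT
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # A real vbaProject.bin is an OLE2 stream; a placeholder is enough for the check.
            zf.writestr(VBA_PART, b"placeholder vba project")
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("plain", build_sample_document(False)), ("macro", build_sample_document(True))):
        print(label, inspect_office_attachment(doc), "quarantine" if is_macro_enabled(doc) else "allow")
```

Checking the container directly, rather than trusting the file extension or Windows' mark-of-the-web, means a `.docm` renamed to `.docx` or delivered inside an archive is still caught; Word itself will not run macros from a file whose package lacks the VBA part, so the check has no false negatives for OOXML input, but legacy `.doc`/`.xls` binaries need an OLE2 parser in addition.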

Initially, the DangerAds malware, which operates as both a loader and a profiler, creates a scheduled task called “Microsoft Office Updates” that launches DangerAds daily for three days, during which it checks the host for specific characteristics. If they are found, the malware then paves the way for AtlasAgent, which gathers host and process details, blocks the launch of multiple programs, executes additional shellcode, and retrieves further malware from the threat actor’s command and control (C2) servers.
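The persistence step above leaves a concrete trace: a newly registered scheduled task with a Microsoft-sounding name, a daily trigger that expires after three days, and an action that runs a file the user dropped. Windows records task registration as Security event 4698, whose `TaskName` and `TaskContent` (the task's XML definition) fields are enough to triage it. The following detection routine is an added example written for this article, not tooling from NSFOCUS; the task name comes from the report as summarised above, while the user-writable-path heuristic, the three-day threshold and the two sample events are this example's own constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime
from typing import Dict, List

# Task name reported for the DangerAds persistence task (from the article above).
KNOWN_LURE_TASK_NAMES = {"microsoft office updates"}
# Heuristic: a genuine Office updater does not run from user-writable folders.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
# Heuristic: a daily trigger that switches itself off after a few days is unusual for real updaters.
MAX_SHORT_LIVED_DAYS = 3


def _local(tag: str) -> str:
    """Strip the Task Scheduler XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def _find_text(root, name: str):
    for el in root.iter():
        if _local(el.tag) == name and el.text:
            return el.text.strip()
    return None


def triage_task_creation(event: Dict) -> List[str]:
    """Return the reasons a Security event 4698 (scheduled task created) looks suspicious."""
    reasons: List[str] = []
    if event.get("EventID") != 4698:
        return reasons
    task_name = event.get("TaskName", "")
    if task_name.strip("\\").lower() in KNOWN_LURE_TASK_NAMES:
        reasons.append(f"task name matches a known lure: {task_name}")
    try:
        root = ET.fromstring(event.get("TaskContent", ""))
    except ET.ParseError:
        reasons.append("TaskContent is not parseable XML")
        return reasons
    command = _find_text(root, "Command") or ""
    if any(marker in command.lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append(f"action runs from a user-writable path: {command}")
    start, end = _find_text(root, "StartBoundary"), _find_text(root, "EndBoundary")
    if start and end and _find_text(root, "DaysInterval"):
        try:
            span = datetime.fromisoformat(end) - datetime.fromisoformat(start)
        except ValueError:
            span = None
        if span is not None and span.days <= MAX_SHORT_LIVED_DAYS:
            reasons.append(f"daily trigger that expires after {span.days} day(s)")
    return reasons


def scan_events(events: List[Dict]) -> Dict[str, List[str]]:
    """Map each flagged task name to its reasons; clean tasks are omitted."""
    hits = {}
    for ev in events:
        reasons = triage_task_creation(ev)
        if reasons:
            hits[ev["TaskName"]] = reasons
    return hits


# Constructed sample events, shaped like the TaskName/TaskContent fields of event 4698.
SAMPLE_EVENTS = [
    {
        "EventID": 4698,
        "TaskName": "\\Microsoft Office Updates",
        "TaskContent": (
            '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
            "<Triggers><CalendarTrigger>"
            "<StartBoundary>2023-09-18T09:00:00</StartBoundary>"
            "<EndBoundary>2023-09-21T09:00:00</EndBoundary>"
            "<ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>"
            "</CalendarTrigger></Triggers>"
            "<Actions><Exec><Command>C:\\Users\\victim\\AppData\\Roaming\\updater.exe</Command></Exec></Actions>"
            "</Task>"
        ),
    },
    {
        "EventID": 4698,
        "TaskName": "\\Backup\\NightlyBackup",
        "TaskContent": (
            '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
            "<Triggers><CalendarTrigger>"
            "<StartBoundary>2023-01-01T02:00:00</StartBoundary>"
            "<ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>"
            "</CalendarTrigger></Triggers>"
            "<Actions><Exec><Command>C:\\Program Files\\BackupTool\\backup.exe</Command></Exec></Actions>"
            "</Task>"
        ),
    },
]

if __name__ == "__main__":
    for name, reasons in scan_events(SAMPLE_EVENTS).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

The name match is the weakest signal, since the attackers can rename the task at will; the path and trigger-lifetime heuristics survive a rename, and together they describe the behaviour the report attributes to DangerAds rather than a single indicator. Event 4698 is only logged when the “Audit Other Object Access Events” subcategory is enabled, so confirm that policy before relying on this rule.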

The motive behind these attacks?

Since AtlasCross appears to have a relatively narrow focus, concentrating on targeted attacks against specific hosts, the hackers’ true motive remains unclear. Users should nonetheless take measures to protect themselves from such threats, including carefully checking the sender’s email address and not downloading or opening any documents that contain macros.

“After an in-depth study of the attack process, NSFOCUS Security Labs found that this APT threat actor is quite different from known signs in terms of the execution flow, attack technology stack, attack tools, details, behaviour tendency and other main attribution indicators,” reads the report.

2023-10-02 15:07:08