Beware of Phishing Emails Disguised as Project Proposals
ID: c20d6d46-f0ae-51bc-a7f7-2304ebd8d8c2
STIX ID: report--c20d6d46-f0ae-51bc-a7f7-2304ebd8d8c2
Feed Name: ASEC
AhnLab ASEC warns of a phishing campaign using project-proposal themed emails with compressed attachments containing obfuscated JavaScript that executes PowerShell to decrypt and run SnakeKeylogger in memory; the infostealer harvests web browser data, system information and keystrokes and exfiltrates via SMTP or Telegram, with C2 details and an MD5 provided. The report also includes user guidance on verifying senders, checking links/attachments, and avoiding credential entry on suspicious pages.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
