οΈ Beware. Phishing attacks via HTML attachments. We continue our security story.
24 Jan 2023, 14:00
βοΈ Beware! Phishing attacks via HTML attachments
We continue our security story! π
π¨ Be careful with email newsletters, as attacks using HTML attachments are now one of the most common types of spam.
Phishing campaigns involving the Qakbot malware use Scalable Vector Graphics (SVG) images embedded in HTML email attachments.
The scheme is simple:
π‘They send out emails with an HTML attachment.
π‘When the victim opens the attachment from the email, the JavaScript code inside the SVG image is triggered, creating a malicious ZIP archive.
π‘A dialog box opens to save the file.
π‘The ZIP archive is password protected β it requires the user to enter a password, which is displayed in an HTML attachment, then an ISO image is extracted to launch the Qakbot Trojan.
π¨ Be vigilant and do not download files that open in a dialog box from mailing lists!
ββββββββββ
β
Website π Telegram-chat
π Twitter π YouTube
π Medium π Discord
π Reddit βοΈ CMC
#security