
HTML attachments are now a new technique for hackers


Last Updated on 27/01/2022 by Nidhi Khandelwal

A new, sophisticated phishing attack that delivers the AsyncRAT trojan has been identified as part of a malware campaign that began in September 2021.


The attacks start with an email message that contains an HTML attachment that looks like an order confirmation receipt (for example, Receipt-<digits>.html). When the recipient opens the decoy file, they are directed to a web page that asks them to save an ISO file.

Unlike past RAT campaigns that direct victims to a phishing URL set up specifically for downloading the next-stage malware, the latest campaign uses JavaScript to construct the ISO file locally from a Base64-encoded string and imitate the download process.

“A JavaScript code hidden inside the HTML receipt file generates the ISO download from within the victim’s browser, not from a distant server,” Dereviashkin added.
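Because the ISO travels inside the attachment as Base64 text, a mail gateway or analyst can look for it before the file ever reaches a browser. The following is an added example, not code from the campaign or from the researchers quoted here: it decodes long Base64 runs in an HTML attachment and checks for the ISO 9660 identifier at its fixed offset. The function names, the marker list and the sample input are assumptions constructed for illustration.

```python
import base64
import re

# Runs of Base64 text; embedded ISO images are far longer than this floor.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")
# Browser APIs typically involved when a page builds a file locally and saves it.
JS_MARKERS = ("atob(", "new Blob", "createObjectURL", "msSaveOrOpenBlob")
ISO_MAGIC = b"CD001"        # ISO 9660 volume descriptor identifier
ISO_MAGIC_OFFSET = 0x8001   # 16 reserved 2048-byte sectors + 1 type byte


def decode_blobs(html):
    """Yield the decoded bytes of every long Base64 run in the attachment."""
    for match in B64_RUN.finditer(html):
        text = match.group(0)
        text = text[: len(text) - len(text) % 4]  # drop a ragged tail
        try:
            yield base64.b64decode(text, validate=True)
        except ValueError:  # binascii.Error subclasses ValueError
            continue


def scan_html_attachment(html):
    """Report embedded ISO images and the script APIs that could save them."""
    markers = [m for m in JS_MARKERS if m in html]
    embedded = [("iso9660", len(blob)) for blob in decode_blobs(html)
                if blob[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] == ISO_MAGIC]
    return {"js_markers": markers, "embedded": embedded,
            "suspicious": bool(markers and embedded)}


def build_sample():
    """Constructed sample: an empty ISO 9660 header inside an HTML 'receipt'."""
    iso = bytes(0x8000) + b"\x01CD001\x01" + bytes(2041)
    b64 = base64.b64encode(iso).decode()
    return ('<html><body>Order receipt<script>var d = atob("' + b64 + '");'
            "var u = URL.createObjectURL(new Blob([d]));</script></body></html>")


if __name__ == "__main__":
    print(scan_html_attachment(build_sample()))
```

A payload split across several concatenated strings or wrapped in a second encoding will not match as a single run, so treat a negative result as inconclusive rather than clean.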


When the victim opens the ISO file, it is mounted as a DVD drive on the Windows host and contains either a .BAT or a .VBS file that continues the infection chain by executing a PowerShell command to fetch a next-stage component.

This causes a .NET module to be executed in memory. The module functions as a dropper for three files, each of which acts as a trigger for the next, to deliver AsyncRAT as the final payload, while also scanning for antivirus protection and setting up Windows Defender exclusions.

