A new phishing campaign has hit more companies, including some that have operations in Sweden. Attachments named after the victim's company can become a gateway for attackers.


Operations in Sweden have been affected

A new phishing campaign targeting at least 27 different companies has detected of the group MalwareHunterTeam. It is mainly American and Australian companies that have been affected, but also a number that have operations in Sweden. Of these, SAS, Agilent and Vibracoustic have so far been reported to have been affected.

A phishing attack and a spoofing attack are two similar attacks. Phishing attacks are designed to infect the victim's device. Spoofing attacks are instead about stealing information from the victim, such as account details or identity theft.

A classic way to carry out a phishing attack is to send an email to the victim claiming to be a credible source, even though you are not. The message attaches a malicious file that the victim is tricked into opening, and then infected.

This phishing campaign works the same way. The attacker claims to be one of the company's manufacturers or clients and attaches a file that uses the company name and has the file extension ".slk". An example of such a file could have been "Messier LLC.slk". The file hides multiple macros, or malicious instructions, which cause the computer to download a trojan, which after installation gives the attacker complete control over the computer and its network.


The phishing campaign is no longer active

The trojan used to take over the victim's computer is now no longer stated to be available online. Thus, the threat from this particular phishing campaign is over at the moment.

Phishing is a recurring problem on the Internet. To protect oneself, one must have routines and appropriate protection installed on the device.

Recently broke that Microsoft Azure had fixed two serious vulnerabilities. They could endanger the Azure servers and their corporate customers. Do you have routines and knowledge to protect your infrastructure?

CYPRO offers solutions to protect against phishing and prevent dangerous code from entering your network. click here to book a free consultation.


By Ludwig Wideskär, CYPRO