10/30/2023 0 Comments Ahk scriptingThese payloads used either the Microsoft Service Identity service or a malicious Finger command to create a second. Meanwhile, the other prompted recipients with the lure of pending legal documents. One of the emails instructed the recipient to download a file protected by a password. Those included harvesting credentials from a victim’s browser and sending them to the attackers.Ī few months later, Cofense came across two phishing emails targeting Spanish users. The operation used the script file to profile victims and perform different tasks. This sent the stolen user input to the attackers and then distributed the threat to other removable media.įast forward to December 2020, when Trend Micro discovered a malicious Excel file concealing an AutoHotkey script compiler executable, a malicious AutoHotkey script file and a VBA AutoOpen macro. Together, those files launched a keylogger. The threat, dubbed Fauxpersky, dropped four files into the affected environment. It disguised itself as Kaspersky Antivirus and spread via infected USB devices. One of the first publicly reported attacks involving AutoHotkey was a credential stealer written in AutoHotkey found in March 2018. How Are Malware Actors Using AutoHotkey Scripts? AutoHotkey scripts can automate repetitive tasks in a Windows app by creating macros, shortcuts or hotkeys. This is a Microsoft product, an open-source scripting language designed for machines running Microsoft Windows. What is new is attackers’ decision to misuse AutoHotkey. A year later, attackers misused the Windows Management Instrumentation Command tool to distribute Astaroth. For example, a threat actor known as Gallmaker used the Microsoft Office Dynamic Data Exchange protocol back in 2018 to spy on its victims. Several attackers involving living-off-the-land methods have made headlines in recent years. We’ve taken a look at one of these, misuse of AutoHotkey, and how to prevent it. That way, most security tech won’t notice something odd going on. They do this in an effort to not install any foreign files or tools as a means. They’re tactics in which attackers misuse tools native to an infected device.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |