Everyone likes to get free stuff. Admittedly it’s better if it’s a free vacation or free money. However, researchers at Palo Alto Networks have found a way you can get FreeMilk. Hey, free is free! There is bad news, of course. It comes in the form of malware. The schemers have figured out a way to intercept ongoing email “conversations” to distribute malware around the world. The attack exploits a vulnerability in either Microsoft Office or WordPad and involves two steps.
In part one, an email message carries a decoy document that uses specific information about the recipient, in hopes it’ll make him or her think it’s an authentic message. That’s what the attackers put together when they intercept the email conversation. This is the PoohMilk part of the attack. Then comes Freenki, which does the damage. It collects information such as the user name, computer name, and active processes on the computer, and it can take screenshots of the device. The information is then sent to the attackers, who can use it for other attacks.
In spearphishing, attackers gather information about the intended targets. This could be acquired from social media profiles and posts, such as from Facebook or LinkedIn, but could also be a result of a phishing phone call (vishing). Then they use it to craft the email. Since the recipients see all the specific information, they are more likely to click a link or attachment.
Just because the information is accurate and specific doesn’t mean an attachment is free of harm. Question why a document is arriving in the middle of a conversation before clicking it. Call the sender on the phone and ask about it first. You can even send a text. Just don’t reply to the message; in this case, it’s better if you don’t send email at all.
There are literally no attachments that are safe these days. Malware can come in the form of documents, spreadsheets, executable files, text files, images, and anything else you can come up with. If you are not expecting an attachment or link, don’t click it.
Fortunately, this is a limited spearphishing campaign, discovered by the researchers in May of this year. But that doesn’t mean it won’t come across your inbox. Always be on the lookout for these scams.
© Copyright 2017 Stickley on Security