Shipment Notification Delivers Muncy Trojan

Delaware, USA – February 25, 2019 – A reputable logistics company’s brand has been spotted in a malspam campaign, SI-LAB researchers report. Although the DHL name has long been used in phishing campaigns to deliver many malware strains, the recent Muncy campaign appears to be succeeding worldwide in deceiving victims into opening the malicious attachments.

The campaign takes advantage of poorly configured SMTP servers. The emails carry what looks like a PDF attachment, but the extracted file is a malicious executable. Once run, it scans the C: drive for sensitive information, FTP credential files first of all, and transfers what it finds to the fraudsters’ domain.
The trojan is also a vivid example of how quickly malware operations are assembled: the spamming started the same day the attackers’ domain was registered, and the domain’s certificate is dated just one day earlier. Muncy’s way in is a well-worn one, masquerading as a PDF file to get onto the victim’s system. Stealing sensitive data is the motive behind many malware campaigns, and as recent attacks show, threat actors never stop refining their tools.
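The masquerade described above, a file named and typed as a PDF whose content is actually a Windows executable (or an archive that extracts to one), is cheap to catch at the mail gateway: compare the type the sender claims (extension, MIME type) against the file’s magic bytes and never trust the name. The following is an added example, not code from SI-LAB or from the original article; the message it inspects is constructed inline, and the type tables, the 4 KiB sniff window and all file names are this example’s own assumptions rather than indicators from the campaign.

```python
"""Flag e-mail attachments whose declared type does not match their real type,
the masquerade Muncy relies on ("PDF" that is really an executable, or an
archive that extracts to one).  Added example; the message built below is
constructed for illustration, not a real campaign sample."""
from __future__ import annotations

import email
import io
import os
import struct
import zipfile
from email import policy
from email.message import EmailMessage

BY_EXTENSION = {".pdf": "pdf", ".zip": "zip", ".exe": "pe"}
BY_MIME = {"application/pdf": "pdf", "application/zip": "zip"}
EXECUTABLE = {"pe", "mz-stub"}


def sniff(data: bytes) -> str:
    """Coarse file type from the leading bytes (magic), never from the name."""
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    if data.startswith(b"MZ"):
        # A real PE image has "PE\0\0" at the offset stored in e_lfanew (0x3C).
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return "pe"
        return "mz-stub"  # DOS-era or truncated executable, still suspicious
    return "unknown"


def declared_type(filename: str, content_type: str) -> str:
    """What the sender claims the file is: extension first, then MIME type."""
    ext = os.path.splitext(filename.lower())[1]
    return BY_EXTENSION.get(ext) or BY_MIME.get(content_type, "unknown")


def inspect_zip(data: bytes) -> list[tuple[str, str]]:
    """Sniff each member by its first 4 KiB, so a zip bomb cannot exhaust memory."""
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            try:
                with zf.open(info) as fh:
                    members.append((info.filename, sniff(fh.read(4096))))
            except RuntimeError:  # encrypted member, unreadable without a password
                members.append((info.filename, "encrypted"))
    return members


def check_attachments(raw_message: bytes) -> list[dict]:
    """One finding per attachment; 'suspicious' is True when the claimed type
    disagrees with the magic bytes or an executable is present (also inside a zip)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        actual = sniff(data)
        declared = declared_type(name, part.get_content_type())
        members = inspect_zip(data) if actual == "zip" else []
        suspicious = (
            (declared != "unknown" and actual != declared)
            or actual in EXECUTABLE
            or any(kind in EXECUTABLE for _, kind in members)
        )
        findings.append({"name": name, "declared": declared, "actual": actual,
                         "members": members, "suspicious": suspicious})
    return findings


def build_sample_message() -> bytes:
    """Constructed look-alike of the lure: a minimal PE image named as a PDF, the
    same image inside a zip, and a genuine tiny PDF for contrast."""
    pe_image = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)  # e_lfanew -> 0x80
                + b"\x00" * (0x80 - 0x40) + b"PE\x00\x00" + b"\x00" * 20)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Shipment_Notification.pdf.exe", pe_image)
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"  # constructed sender, not a real indicator
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Shipment Notification"
    msg.set_content("Your parcel details are attached.")
    msg.add_attachment(pe_image, maintype="application", subtype="pdf",
                       filename="Shipment_Notification.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Shipment_Notification.zip")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for f in check_attachments(build_sample_message()):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['name']}: declared={f['declared']} "
              f"actual={f['actual']} members={f['members']}")
```

Running the script flags the fake PDF and the zip (because its member is a PE image) and passes the genuine PDF. The check deliberately keys on content rather than on the extension, which is what a double extension such as `.pdf.exe` or a spoofed MIME type is meant to defeat; in production the same routine would sit in a mail filter or sandbox submission hook, and an `mz-stub` or `encrypted` result should be treated as a reason to quarantine rather than as a clean verdict.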

The researchers suspect that some of Muncy’s hardcoded functions could perform brute-force attacks. Protect your infrastructure from unauthorized access attempts with Brute Force Detection, which analyses authentication events from various systems and services.
https://my.socprime.com/en/integrations/brute-force-detection-arcsight