Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials
A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials.
"LNK files are used to initiate code execution which eventually downloads and runs a malicious C# payload, which functions as a remote access trojan," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a new report.
The latest attack sequence observed by Securonix over the past couple of weeks entails using phishing emails to lure potential victims into opening a shortcut file to execute a remote.
The HTA file leads to the execution of obfuscated JavaScript code that's designed to show a decoy image file that features an announcement from the Indian Ministry of Defence a year ago, in December 2021.
The exfiltration component also includes an option to specifically search for a database file created by the Kavach app on the system to store the credentials.
It's worth noting that the aforementioned infection chain was disclosed by the MalwareHunterTeam in a series of tweets on December 8, 2022, describing the remote access trojan as MargulasRAT. "Based on correlated data from the binary samples obtained of the RAT used by the threat actors, this campaign has been going on against Indian targets undetected for the last year," the researchers said.
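The first stage described above, a shortcut that launches a remote HTA file, can be hunted for in process-creation logs. The Python below is an added example, not code from the Securonix report or the original article; it assumes the HTA is run by mshta.exe (the Windows host for HTA files) and uses constructed events with Sysmon Event ID 1 field names.

```python
import re
from ntpath import basename  # Windows path handling that works on any OS

# Remote content handed to mshta.exe: an http(s) URL or a UNC path.
REMOTE_ARG = re.compile(r"""(?i)(?:https?://|\\\\)[^\s"']+""")

# Constructed process-creation records (hosts and paths are placeholders).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" https://files.example.invalid/notice.hta',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\SysWOW64\MSHTA.EXE",
     "CommandLine": r"mshta \\fileserver.example.invalid\share\form.hta",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\Vendor\help.hta"',
     "ParentImage": r"C:\Program Files\Vendor\app.exe"},
    {"Image": r"C:\Program Files\Browser\browser.exe",
     "CommandLine": "browser.exe https://files.example.invalid/notice.hta",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

def triage(event):
    """Return a finding dict for mshta.exe given remote content, else None."""
    if basename(event.get("Image", "")).lower() != "mshta.exe":
        return None
    cmd = event.get("CommandLine", "")
    # Drop the first token (the executable, quoted or not) and inspect only the arguments.
    args = re.sub(r'^\s*(?:"[^"]*"|\S+)\s*', "", cmd, count=1)
    match = REMOTE_ARG.search(args)
    if not match:
        return None  # a local .hta file, e.g. a vendor help page
    parent = basename(event.get("ParentImage", "")).lower()
    # A double-clicked shortcut is started by the shell, so an
    # explorer.exe parent fits the LNK stage and is ranked higher.
    severity = "high" if parent == "explorer.exe" else "medium"
    return {"severity": severity, "remote": match.group(0), "parent": parent}

def scan(events):
    """Triage every event and keep only the findings."""
    return [finding for finding in map(triage, events) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```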
News URL
https://thehackernews.com/2022/12/researchers-warn-of-kavach-2fa-phishing.html