An undetected PowerShell ransomware was used to attack a popular German car dealer. The attack was launched through a spear-phishing email that looked like a mail delivery notification.
The HTML message contains an image tag whose link notifies the attacker when the email is opened:
<img src="hxxp://joelosteel.gdn/wp-admin/open.php?M=824054&N=11&L=8">
The zip attachment contains JavaScript that starts PowerShell and executes the ransomware script.
The JS was not detected by any antivirus engine when first uploaded.
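A mail-gateway style check for the open-tracking image tag quoted above, as an added example that is not part of the original post. It generalizes from that one URL to any remote `<img>` whose URL carries query parameters, which is an assumed heuristic; the sample message is constructed and only the tracking tag is taken from the post.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample message; only the tracking <img> is taken from the post.
SAMPLE_EML = """\
From: "Mail Delivery" <postmaster@example.invalid>
Content-Type: text/html; charset="utf-8"

<html><body><p>Your message could not be delivered.</p>
<img src="cid:logo123">
<img src="hxxp://joelosteel.gdn/wp-admin/open.php?M=824054&N=11&L=8">
</body></html>
"""


class ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.sources.append(src)


def find_open_beacons(raw_message):
    """Return (host, path, params) for remote images that carry query parameters."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = ImgCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for src in collector.sources:
            # The sample is defanged (hxxp); refang for parsing only, never fetch.
            url = urlsplit(src.replace("hxxp", "http", 1))
            params = dict(parse_qsl(url.query))
            if url.scheme in ("http", "https") and params:
                hits.append((url.hostname, url.path, params))
    return hits


if __name__ == "__main__":
    for host, path, params in find_open_beacons(SAMPLE_EML):
        print(f"remote image beacon: {host}{path} params={params}")
```

Embedded `cid:` images and remote images without parameters are not reported, so the output stays focused on per-recipient beacons that a mail client would request when rendering the message.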