Dropbox Sign Breach Exposes Customer Data
Cloud storage giant Dropbox has recently disclosed a data breach affecting its eSignature service, Dropbox Sign (formerly HelloSign). The incident highlights the ongoing risks businesses…
Hackers Abusing Windows Search to Spread Malware
Cyber security researchers at SOCRadar and Trellix have recently uncovered a new method hackers are using to spread malware on Windows computers. This method takes advantage of a Windows feature called the “search-ms” protocol handler.
What is the “search-ms” protocol handler?
The “search-ms” feature allows you to quickly search for files and folders on your computer or network. When you click on a specially crafted link, it will start a search using the “search-ms” system.
How are hackers abusing this feature?
Hackers are creating phishing emails and websites with links that use the “search-ms” protocol. When you click these links, it secretly searches a hacker-controlled server and shows you fake search results. These fake results look like real files on your computer, but they are actually shortcuts to malware.
If you click these malicious shortcuts, it will download malware onto your computer. This allows hackers to infect your computer with dangerous programs called “remote access trojans” or RATs.
What can RAT malware do?
Once installed, RAT malware allows hackers to:
- Steal sensitive information like passwords and financial data
- Remotely control your computer
- Use your computer for criminal activities
Notable Attributes:
- The use of unique file signatures/fingerprints and frequent updates to malicious files are employed to obscure their true nature, making it harder for security software and measures to detect and prevent them.
- Additionally, the use of SSL encryption throughout the attack further enhances the ability to evade network security measures.
How to stay safe:
- Be very cautious of email links, even if you know the sender. Hover over links to check the real destination.
- Don’t download files from websites you don’t fully trust.
- Keep your anti-virus software up-to-date.
- Consider disabling the “search-ms” feature if you don’t need it. This prevents abuse.
While this threat sounds scary, just exercising caution with links and downloads will go a long way in keeping you safe. Be skeptical of anything encouraging you to download files or shortcuts.
Related Links:
Related articles
Social Media Fraud: The Evolving Threat and How to Defend Yourself
Social media platforms offer connection and entertainment, but they’ve also become a hunting ground for sophisticated scammers. These criminals are increasingly turning to a combination…
DarkGate Malware: Threat Exploiting AutoHotkey
The DarkGate malware family, a persistent threat since 2018, has recently resurfaced in a sophisticated global campaign. This Remote Access Trojan (RAT), built using the…