Stealthy phishing attack uses advanced infostealer for data exfiltration, Barracuda research reveals
Barracuda Networks, Inc., a leading provider of cloud-first security solutions, has released new research, based on observations by Barracuda threat analysts, showing phishing attacks that feature an advanced, stealthy technique designed to exfiltrate a wide range of sensitive information.
The technique involves sophisticated infostealer malware able to collect PDF files and directories from most folders, as well as browser information such as session cookies, saved credit card details, bitcoin-related extensions, web history and more, which the attackers then transmit to a remote email account as a zipped attachment.
It is unusual to see infostealers designed to collect and exfiltrate such a wide range of information.
According to Barracuda researchers, the attack begins with a phishing email encouraging the recipient to open an attached purchase order.
The attachment contains a disc image file. Inside that is another file, which in turn downloads and executes a series of malicious payloads. The final payload is the infostealer, an obfuscated and encrypted Python script, which goes through various levels of decoding and decrypting to get to the final code. The infostealer can collect, ZIP and exfiltrate a wide range of sensitive data to a remote email account.
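The chain above gives defenders several observable points: a purchase-order lure carrying a disc-image attachment at the gateway, and on the host a Python interpreter staging a ZIP and talking to a mail server. The following is an added illustration, not Barracuda's code or tooling; the log formats, the disc-image extensions and the sample records are all constructed assumptions for this example.

```python
import os
import re

# Assumptions for this example (not from the Barracuda research): which
# extensions count as disc images, and a minimal "subject|attachment" gateway
# log format plus dict-shaped host telemetry events.
DISC_IMAGE_EXT = {".iso", ".img", ".vhd", ".vhdx"}
LURE = re.compile(r"purchase\s*order", re.IGNORECASE)
MAIL_PORTS = {25, 465, 587}  # SMTP / SMTPS / submission


def mail_indicators(log_line: str) -> list[str]:
    """Return the chain indicators found in one 'subject|attachment' log line."""
    subject, _, attachment = log_line.partition("|")
    attachment = attachment.strip()
    hits = []
    if LURE.search(subject) or LURE.search(attachment):
        hits.append("purchase-order lure")
    if os.path.splitext(attachment)[1].lower() in DISC_IMAGE_EXT:
        hits.append("disc-image attachment")
    return hits


def host_indicators(event: dict) -> list[str]:
    """Flag a script interpreter that stages a ZIP and reaches a mail port."""
    hits = []
    process = str(event.get("process", "")).lower()
    if process.startswith("python") and event.get("dst_port") in MAIL_PORTS:
        hits.append("python talking to a mail port")
    if str(event.get("written_file", "")).lower().endswith(".zip"):
        hits.append("zip archive staged")
    return hits


def triage(mail_log: list[str], host_events: list[dict]) -> list[tuple[str, list[str]]]:
    """Return records where two or more indicators line up with the described chain."""
    alerts = []
    for line in mail_log:
        hits = mail_indicators(line)
        if len(hits) >= 2:
            alerts.append(("mail: " + line, hits))
    for event in host_events:
        hits = host_indicators(event)
        if len(hits) >= 2:
            alerts.append(("host: " + event.get("process", "?"), hits))
    return alerts


# Constructed sample records for demonstration only.
SAMPLE_MAIL = ["Purchase Order 4471|PO_4471.iso", "Lunch menu|menu.pdf"]
SAMPLE_HOST = [{"process": "python.exe", "dst_port": 587, "written_file": "C:\\Temp\\out.zip"},
               {"process": "outlook.exe", "dst_port": 587, "written_file": "draft.msg"}]

if __name__ == "__main__":
    for record, hits in triage(SAMPLE_MAIL, SAMPLE_HOST):
        print(record, "->", ", ".join(hits))
```

A single indicator (a legitimate ISO, or Outlook on port 587) is left alone; only the combination that matches the described chain is raised.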
“Most phishing attacks are associated with data theft, but here we are looking at an attack designed for extensive data exfiltration executed by a sophisticated infostealer,” said Saravanan Mohan, Manager – Threat Analyst at Barracuda. “The amount and range of sensitive information that can be taken is extensive. Some can potentially be leveraged in further malicious activity, such as lateral movement or financial fraud. As cybercriminals continue to develop sophisticated methods to steal critical information, it’s important for businesses to stay vigilant and proactive in their cybersecurity efforts.”
Implementing robust security protocols, continuously monitoring for suspicious activity and, above all, educating employees on potential risks are key strategies for mitigating the risk of data exfiltration. Email protection solutions that feature multi-layered, AI and machine-learning-powered detection prevent these types of attacks from reaching user inboxes.