It has been reported that a powerful form of malware which can be used to distribute threats including Trojans, ransomware and malicious cryptocurrency mining software has been updated with a new technique which has rarely been seen in the wild. Distributed in spam email phishing campaigns, Smoke Loader has been sporadically active since 2011 but has continually evolved. The malware has been particularly busy throughout 2018, with campaigns including the distribution of Smoke Loader via fake patches for the Meltdown and Spectre vulnerabilities which emerged earlier this year.
Ross Rustici, Senior Director of Intelligence Services at Cybereason:
“This is the case of an old dog learning new tricks. Malware development like any software is often an iterative process, so seeing well known malware make headlines years or even a decade after first discovery is not surprising. What is surprising is that exploit kits are being hailed as the first to use a new injection technique that was well known nine months ago. Given the evolution path of Smoke Loader and exploit kits in general, I’d be surprised if the authors of this malware are actually the first to use this injection technique in the wild. First seen rarely equates to first use in cybersecurity.
Ultimately the only way for employees to not fall victim to phishing scams is by fostering a healthy sense of paranoia. Targeting phishing scams have gotten so good that it is very hard to distinguish what is real and what is fake, especially given specific job roles.
The keys to be aware of are always: the sender, is it a known entity and does the email address look correct; the type of information, does the information in the email match the type of information normally associated with the sender; type of link, when hovering over the link does it redirect to an odd website that doesn’t make sense; type of attachment, does the file type make sense and have you ever had to enable a macro before; and finally, always go to the website of the service to conduct any changes to passwords or confirm information, it is an extra step but one that will help prevent credential harvesting.
Running through this type of checklist won’t prevent every phishing scam, but it will go a long way towards reducing the number of successful attempts.”
