We have been covering ransomware on TheWindowsClub, with the sole purpose of warning Windows users to safeguard themselves from such attacks. With the onset of the holiday season, it is natural to shop in a frenzy without worrying about the credit card bill. Despite relying on email and text notifications, we are not always on the lookout for fraud. What if your card is charged an amount that you never spent in the first place? Welcome to the world of credit card theft.
Fake credit card bills push Cerber ransomware
Microsoft security researchers have received samples of personalized emails that appear to be Mastercard notifications. Under the hood, however, these emails are effective malware vectors, written to make the recipient feel a need to open the payload.
In essence, the payload is a macro downloader embedded in a Word document. Beginning with Office 2010, Microsoft shows documents from unknown sources in Macro view, and macros are disabled by default.
Now for the obvious question: what will make the user open the macro document and come out of the protected mode? Simple: the attackers employ social engineering and display a step-by-step manual on how to disable the protection. After this, a known ransomware called Cerber is downloaded, and folks who don't have strong anti-malware will be targeted easily.
Below is a sample of the mail that arrives with the macro document attached. While the mail is not perfectly formatted, the errors are not eye-catching.
The macro avoids detection because most scanners do not flag password-protected content. Once the download completes, the macro runs PowerShell commands to launch the downloaded ransomware. Like any other ransomware, Cerber encrypts files, making them inaccessible, and then attempts to collect a ransom by opening a window that displays a ransom note, as shown below.
A word of advice: invest in robust anti-malware and take precautions while shopping and making online transactions. Take some precautions before clicking on email or web links. For a detailed read, visit Microsoft.
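The step in which the Word macro runs PowerShell leaves a recognizable process chain that defenders can look for in process-creation logs. The following Python check is an added example, not code from the original article or from Microsoft: it flags PowerShell processes that have an Office application among their ancestors, including the case where another process sits in between. The event field names (`pid`, `ppid`, `image`, `cmdline`) and the sample events are constructed assumptions.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

def name(event):
    """Lower-cased executable name taken from a Windows image path."""
    return ntpath.basename(event["image"]).lower()

def office_ancestor(event, by_pid, max_depth=4):
    """Walk up the process tree; return the first Office ancestor or None."""
    seen = set()
    current = by_pid.get(event["ppid"])
    while current and current["pid"] not in seen and len(seen) < max_depth:
        if name(current) in OFFICE:
            return current
        seen.add(current["pid"])            # guards against ppid loops
        current = by_pid.get(current["ppid"])
    return None

def find_office_spawned_powershell(events):
    """Return one alert per PowerShell process descended from Office.
    Assumes pids are unique within the batch (no pid reuse)."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if name(e) not in POWERSHELL:
            continue
        office = office_ancestor(e, by_pid)
        if office:
            alerts.append({"pid": e["pid"], "office_pid": office["pid"],
                           "office_cmdline": office["cmdline"],
                           "powershell_cmdline": e["cmdline"]})
    return alerts

# Constructed sample events (not taken from any real incident).
WORD = r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": WORD, "cmdline": r'WINWORD.EXE /n "C:\Users\alice\Downloads\statement.doc"'},
    {"pid": 300, "ppid": 200, "image": PS, "cmdline": "powershell.exe <constructed placeholder>"},
    {"pid": 400, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c <constructed placeholder>"},
    {"pid": 410, "ppid": 400, "image": PS, "cmdline": "powershell.exe <constructed placeholder>"},
    {"pid": 500, "ppid": 100, "image": PS, "cmdline": "powershell.exe"},  # user-launched, not flagged
]

if __name__ == "__main__":
    for alert in find_office_spawned_powershell(SAMPLE_EVENTS):
        print(alert)
```

The PowerShell window opened directly from the desktop (pid 500) is not reported, because no Office process appears above it in the tree.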