Subj : Hackers are hijacking Windows Search to hit victims with malware
To   : All
From : TechnologyDaily
Date : Wed Jun 12 2024 15:30:05

Hackers are hijacking Windows Search to hit victims with malware

Date: Wed, 12 Jun 2024 14:25:09 +0000

Description: Browsers are tricked into performing fake searches on Windows devices to spread malware.

FULL STORY
======================================================================

Experts have discovered a low-volume, but very clever, cybercrime campaign abusing the Windows search functionality to trick victims into downloading malware.

The campaign was discovered by cybersecurity researchers from Trustwave SpiderLabs, who described it as both clever and low in volume.

"This technique cleverly obscures the attackers' true intent, exploiting the trust users place in familiar interfaces and common actions like opening email attachments," the researchers said in their write-up.

Be wary of your inbox

The attack starts with a phishing email pretending to be an invoice, or something similar. It carries a .ZIP archive containing an HTML file, and thus bypasses antivirus and email security programs that overlook compressed contents.

The HTML file opens the browser and forces it to interact directly with Windows Explorer's search function. In turn, Windows Explorer is tasked with searching for items labeled INVOICE in a specific directory: a server tunneled via Cloudflare. Furthermore, the search view is renamed to "Downloads", ultimately tricking victims into thinking they are looking at the file they downloaded, not at the .ZIP archive.

Among the files then presented to the victims is a shortcut file (.LNK) that points to a batch script (.BAT) hosted on the same server. This script, if activated, triggers additional malicious operations.

Unfortunately, by the time the researchers started analyzing the campaign, the server had been shut down, preventing them from obtaining the payload.
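The delivery chain described above (ZIP containing an HTML file that hands the browser a search-ms: URI pointing Explorer at a remote share labeled "Downloads") can be turned into a mail-gateway or sandbox check. The following is an added example, not code from the article or from Trustwave: it unpacks the attachment, finds search-ms:/search: URIs and flags those whose crumb=location points off the local machine. The parameter names query, crumb and displayname are Microsoft's documented search-ms syntax; the server name, share path and file name in the sample lure are constructed.

```python
import html, io, re, zipfile
from urllib.parse import unquote
# A search-ms: or search: URI in page source, read up to a quote, whitespace or tag end.
SEARCH_URI_RE = re.compile(r'(?i)\b(search-ms|search):([^\s"\'<>]+)')

def parse_search_uri(body: str) -> dict:
    """Split the text after the scheme into &-separated parameters; 'crumb' may repeat."""
    params = {}
    for part in body.split("&"):
        key, _, value = part.partition("=")
        params.setdefault(key.lower(), []).append(unquote(value))
    return params

def remote_location(params: dict):
    """First crumb=location: that points off the local machine (UNC path or URL), else None."""
    for crumb in params.get("crumb", []):
        target = crumb[len("location:"):].strip()
        if crumb.lower().startswith("location:") and re.match(r"(?i)^(\\\\|https?://)", target):
            return target
    return None

def scan_html(source: str) -> list:
    """One finding per search URI whose crumb points Explorer at a remote location."""
    findings = []
    for _scheme, body in SEARCH_URI_RE.findall(html.unescape(source)):
        params = parse_search_uri(body)
        location = remote_location(params)
        if location is not None:
            findings.append({"location": location, "query": params.get("query", [""])[0],
                             "displayname": params.get("displayname", [""])[0]})
    return findings

def scan_attachment(data: bytes) -> list:
    """Scan every HTML member of a ZIP attachment, or the bytes themselves as HTML."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [f for m in zf.namelist() if m.lower().endswith((".htm", ".html"))
                    for f in scan_html(zf.read(m).decode("utf-8", "replace"))]
    return scan_html(data.decode("utf-8", "replace"))

# Constructed sample lure (not the campaign's file): the browser is sent to a search-ms URI
# that searches a remote WebDAV share for INVOICE and labels the resulting view "Downloads".
SAMPLE_HTML = ('<meta http-equiv="refresh" content="0;url=search-ms:query=INVOICE&amp;crumb='
               'location:%5C%5Cexample.invalid%40SSL%5CDavWWWRoot&amp;displayname=Downloads">')

def build_sample_zip() -> bytes:
    buf = io.BytesIO()  # the email delivers the HTML inside a ZIP, so pack it the same way
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.html", SAMPLE_HTML)
    return buf.getvalue()
```

A search-ms URI whose location stays on the local disk produces no finding, so ordinary Windows search shortcuts are not flagged.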
Therefore, it is impossible to know what kind of malware the attackers were distributing.

To mitigate the threat, users could disable the search-ms/search URI protocol handlers by deleting the associated registry entries. Alternatively, they should be wary of incoming emails carrying attachments: "As users continue to navigate an increasingly complex threat landscape, ongoing education and proactive security strategies remain paramount in safeguarding against such deceptive tactics," the researchers concluded.

======================================================================
Link to news story: https://www.techradar.com/pro/security/hackers-are-hijacking-windows-search-to-hit-victims-with-malware

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)