August 15, 2024
By Cybervergent Team

The Wolf In Sheep’s Clothing

Abimbola was in her usual morning routine, ready to sign in with her Google Authenticator app. A notification popped up, urging her to update the app. Without hesitation, she clicked the download button. This seemingly routine action was a gateway for trouble. Hidden within the update were two malicious programs, ready to infiltrate her device. Little did Abimbola know, she had just fallen victim to a cleverly disguised cyberattack.

The Threat

A sophisticated phishing campaign has surfaced, masquerading as the Google Safety Centre. Unsuspecting users are lured into downloading a malicious file, falsely presented as the popular Google Authenticator app.

Hunting for Prey

An email or message is sent to a user of the Google Authenticator app, prompting them to update to the latest version. Users are directed to the download page and end up installing two pieces of malware. At this point the fish has taken the bait, and the two malicious programs, Latrodectus and ACR Stealer, have been installed. Latrodectus is a downloader that executes commands from a Command and Control (C&C) server. This enables attackers to remotely control the infected device, potentially leading to further malicious activities.

On the other hand, ACR Stealer utilizes a technique called Dead Drop Resolver to obscure its C&C server details. This makes it challenging for cybersecurity experts to trace and mitigate the threat.

Evasion Techniques

This phishing campaign stands out due to its advanced evasion techniques, signaling a high level of sophistication. The attackers consistently enhance their malware, rendering it challenging for conventional security measures to detect and counter the threat.


How to Protect Yourself

1. Users are advised to exercise caution when receiving unsolicited emails or messages, especially those that request software downloads.

2. Verify the authenticity of communication by directly contacting the official source.

3. As cybercriminals continue to improve their techniques, individuals and organizations should stay informed and proactive while protecting the digital space.