New AgingFly malware used in attacks on Ukraine govt, hospitals

Khushal

Apr 4, 2024

A new malware family named ‘AgingFly’, which steals authentication data from Chromium-based browsers and the WhatsApp messenger, has been identified in attacks against local governments and hospitals.

The attacks were spotted in Ukraine by the country's CERT team last month. Based on the forensic evidence, targets may also include representatives of the Defense Forces.

CERT-UA has attributed the attacks to a cyber threat cluster it tracks as UAC-0247.
 
It is a typical (dangerous) attack that initially uses LOLBins to deliver/execute payloads.
The simplest method to prevent it is to block outbound connections to popular LOLBins (Mshta, Curl, and PowerShell are used in this particular example) or use SAC.
However, SAC can block the initial shortcut only when the archive unpacker supports MotW.
 
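The mitigation suggested in the comment above (blocking outbound connections from the LOLBins this campaign abuses) can be applied with Windows Defender Firewall rules. The script below is an added example, not code from the post or from CERT-UA's advisory; the rule names and the binary paths are assumptions, and it must run in an elevated session.

```powershell
# Added example: create outbound block rules for the LOLBins named in the post
# (mshta.exe, curl.exe, powershell.exe). Run in an elevated PowerShell session.
# Paths below are assumed default locations on a 64-bit Windows install;
# Test-Path skips any that are absent on this build.
#Requires -RunAsAdministrator

$lolbins = @(
    "$env:SystemRoot\System32\mshta.exe",
    "$env:SystemRoot\SysWOW64\mshta.exe",
    "$env:SystemRoot\System32\curl.exe",
    "$env:SystemRoot\SysWOW64\curl.exe",
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
)

foreach ($path in $lolbins) {
    if (-not (Test-Path $path)) { continue }    # binary not present, nothing to block

    # Rule name is an assumption; it encodes the path so 32/64-bit copies stay distinct.
    $name = "Block outbound - $([IO.Path]::GetFileName($path)) ($path)"

    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already exists: $name"
        continue
    }

    # Block all outbound traffic from this program on every firewall profile.
    New-NetFirewallRule -DisplayName $name `
        -Direction Outbound -Program $path -Action Block `
        -Profile Any -Enabled True | Out-Null
    Write-Host "Created: $name"
}

# Verify: list the block rules together with the program each one applies to.
Get-NetFirewallRule -DisplayName 'Block outbound - *' |
    ForEach-Object {
        $prog = ($_ | Get-NetFirewallApplicationFilter).Program
        [pscustomobject]@{ Rule = $_.DisplayName; Program = $prog; Action = $_.Action }
    } | Format-Table -AutoSize
```

Blocking powershell.exe outbound will also break legitimate scripts that reach the network, so pilot the rules on a small group and review firewall block events before a broad rollout.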