Hackers are very inventive when they want to do one attack. They are constantly searching for vulnerabilities, "hacking" files to serve their purposes, and much more. This time, some hackers use malicious MSI files that download and run malicious files that bypass conventional security systems.
Malware can turn off systems and targeting financial systems located in specific locations.
As the TrendMicro security company discovered, hackers carried malicious * .msi files through spam emails. Malicious files contained JScript / VBScript.
Malicious code JS is embedded in the * .msi file and downloads the text and other files from the Amazonaws server. Typically, the files contained in the malicious software have names like Jesus or dump. The text file is called desktop.txt, desktop, and desktop.ini.
First, a spam mail is sent to the victim, containing one malicious attached. If the victim opens the attachment, then his system will be infected.
According to research, hackers are targeting users in Brazil and Portugal, mainly financial institutions and institutions for the purpose of posting information.
Hackers use MSI files to bypass the security solutions used by most organizations. MSI files "masquerade" into Adobe Acrobat Reader DC and drive users to the Portuguese website.
Researchers believe that hackers use different methods in their victims in Brazil and Portugal.