LTS Secure Warning: Attacker Targeting Hotel Industry In North America Via Phishing To Deploy NetWiredRC Trojan

Attackers are conducting series of phishing attacks containing malicious attachment, against finance department of hotel chains across North America to drop powerful trojan “NetWiredRC“.

 

Technical Details

The first phase of the attack being by sending emails with the malicious attachment, to the finance department of the target hotels. The email states that there are outstanding bills against part of the company’s service, which can be viewed in the attached Zip file.

Once the victim opens the zip file, a shortcut file gets extracted on the device. The shortcut icon is disguised as a bill, so that it doesn’t raise any suspicion. Upon clicking the file, the trojan gets downloaded from the following URLhttp[:]//13.67.107.73:80/amtq/out-441441271.ps1. After which the powershell script – Out-441441271.ps1 is being utilized to release .NET Trojan psd.exe.

 

Impact

  • Disk & system information enumeration along with directory listing.
  • Capture screenshots.
  • Ability to create process to achieve necessary goal.
  • Clone mouse and keyboard inputs.
  • Can find, read, write, delete, and copy files.
  • Steal sensitive/confidential information like login credentials of banking sites, cookies, etc.

 

Recommended Actions

  • Isolate all of the compromised computers ASAP to prevent threats from spreading further inside your infrastructure.
  • Never download any suspicious attachments or click on any shady-looking link. Take an effort to educate your users on how to identify a malspam.
  • Always update your anti-virus software with the latest releases.
  • Periodically run “full system scan” on your endpoints.
  • Make proper security configuration for Firewall/IDS/IPS/Endpoint Protection systems so that no holes are left barred.

 

LTS Secure Locations
  • Florida: 407-965-5509
    Los Angeles: 323-544-5013
    Mid West: 800 689 4506

  • Chicago/Midwest– 2406 Schumacher Drive, Mishawaka, IN, 46545

    201, Tower S4, Phase II, Cybercity, Magarpatta Township, Hadapsar, Pune-411013

Leave us a messages Leave us a messages

← Prev Step

Thanks for contacting us. We'll get back to you as soon as we can.

Please provide a valid name, email, and question.

Powered by LivelyChat
Powered by LivelyChat Delete History