Lampion Banking Malware Reappears in WeTransfer Phishing Attacks


Lampion malware operators are using the free file-sharing platform WeTransfer to carry out phishing attacks. Because users are tricked into downloading from a trustworthy service, the attackers can avoid security alerts.

The malware, which has been around since at least 2019, is spread through emails containing a link that downloads a .zip file with malicious files in it. It is a banking Trojan: criminals developed it to steal information related to banking portals from victims' devices or to make fraudulent transactions.

How the Phishing Campaign Works

In this new campaign, discovered by Cofense, Lampion sends phishing emails to WeTransfer users, encouraging them to follow a link to download a “Proof of Payment” document from the platform.

The attack begins once the user executes the script file: a WScript process starts and generates four additional VBS files with random names.

One of them can run the fourth script, starting yet another WScript process to retrieve DLL files stored in ZIP files with hardcoded passwords.

Finally, Lampion is executed stealthily. The malware can then start stealing data using techniques such as overlay attacks and injections on compromised systems.
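The chain described above (a WScript process dropping four VBS files, then a further WScript process launched to run one of them) can be hunted in endpoint telemetry. The following Python code is an added example, not taken from Cofense or the original article; the event schema, field names, host names, PIDs and file names are constructed assumptions.

```python
from collections import defaultdict

DROP_THRESHOLD = 4  # the article describes four additional VBS files
TEMP = "C:\\Users\\a\\AppData\\Local\\Temp\\"

# Constructed sample telemetry, not real campaign data. Field names are a
# hypothetical simplified schema for process-create and file-create events.
EVENTS = [
    {"kind": "proc", "host": "ws01", "pid": 410, "parent": "explorer.exe",
     "image": "wscript.exe", "cmd": "wscript.exe C:\\Users\\a\\Downloads\\proof.vbs"},
    *[{"kind": "file", "host": "ws01", "pid": 410, "image": "wscript.exe",
       "path": TEMP + name + ".vbs"}
      for name in ("qzkfwe", "bnrtyu", "xcvplm", "hgdsao")],
    {"kind": "proc", "host": "ws01", "pid": 522, "parent": "wscript.exe",
     "image": "wscript.exe", "cmd": "wscript.exe " + TEMP + "hgdsao.vbs"},
    # Benign: a logon script that writes a single VBS file (below threshold).
    {"kind": "proc", "host": "ws02", "pid": 77, "parent": "explorer.exe",
     "image": "wscript.exe", "cmd": "wscript.exe C:\\Scripts\\logon.vbs"},
    {"kind": "file", "host": "ws02", "pid": 77, "image": "wscript.exe",
     "path": "C:\\Scripts\\tmp.vbs"},
]

def find_dropper_chains(events, threshold=DROP_THRESHOLD):
    """Alert when a wscript.exe process has written >= threshold .vbs files
    and a wscript.exe spawned by wscript.exe then runs one of those files.
    Events are assumed to arrive in time order."""
    dropped = defaultdict(set)  # (host, pid) -> .vbs paths written by that process
    alerts = []
    for ev in events:
        if ev["image"].lower() != "wscript.exe":
            continue
        if ev["kind"] == "file" and ev["path"].lower().endswith(".vbs"):
            dropped[(ev["host"], ev["pid"])].add(ev["path"].lower())
        elif ev["kind"] == "proc" and ev["parent"].lower() == "wscript.exe":
            cmd = ev["cmd"].lower()
            for (host, pid), paths in dropped.items():
                hits = [p for p in paths if p in cmd]
                if host == ev["host"] and len(paths) >= threshold and hits:
                    alerts.append({"host": host, "dropper_pid": pid,
                                   "child_pid": ev["pid"], "script": hits[0],
                                   "drops": len(paths)})
    return alerts

if __name__ == "__main__":
    for alert in find_dropper_chains(EVENTS):
        print(alert)
```

The threshold and the parent/child match are tuning choices; environments that legitimately use script-generating VBS tooling will need an allowlist.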

Recommendations 

  • Use antivirus software and scan for threats. 
  • Keep sensitive data out of reach, and encrypt it where you can. 
  • Before clicking any link or downloading a file, ensure it is safe.


September 12th, 2022

About the Author:

FirstHackersNews- Identifies Security
