Phishing attacks targeting Microsoft Windows Users with three Malwares


A sophisticated phishing campaign has started targeting Windows users. This campaign differs from other phishing attacks in that it installs three pieces of malware on the victim’s system.

A phishing attack is a fraudulent activity that purports to have a genuine purpose and tricks victims into revealing their information. It is usually carried out through email.

The sensitive information includes credentials, usernames and passwords, and even the banking details of the victim.


At first, a phishing email is sent to the victim, posing as a genuine payment report, which contains a Microsoft Excel document. This Excel document contains malicious macros and is flagged as a potential security concern by Microsoft Excel.

Screenshot of the security notice that launches when opening the Excel document
Source : Fortinet

If the user ignores the alert, the malware will be delivered to the victim’s system.

Visual Basic for Applications (VBA) and PowerShell are used to retrieve the malware for installation on the target’s system. Here, the PowerShell code is divided into three different pieces of malware code that are to be installed.

Outlines of the PowerShell code inside “mainpw.dll”
Source : Fortinet
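
One way to hunt for the chain described above (an Excel macro that ends up launching PowerShell) in process-creation telemetry. This is an added example, not code from the original post or from Fortinet; the field names follow Sysmon Event ID 1, and every event, GUID, path and the function name `office_spawned_powershell` is constructed for illustration.

```python
# Constructed sample events shaped like Sysmon Event ID 1 (process creation).
# GUIDs, paths and command lines are made up for this example.
OFFICE_DIR = r"C:\Program Files\Microsoft Office\root\Office16"
EVENTS = [
    {"ProcessGuid": "g0", "ParentProcessGuid": "root",
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0",
     "Image": OFFICE_DIR + r"\EXCEL.EXE", "CommandLine": "EXCEL.EXE payment_report.xlsm"},
    {"ProcessGuid": "g2", "ParentProcessGuid": "g1",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c stage.cmd"},
    {"ProcessGuid": "g3", "ParentProcessGuid": "g2",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -File stage.ps1"},
    # PowerShell started by the user from the desktop: should not alert.
    {"ProcessGuid": "g4", "ParentProcessGuid": "g0",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
]

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def office_spawned_powershell(events, max_depth=8):
    """Return one hit per PowerShell process that has an Office application
    anywhere in its ancestry, including via intermediate processes."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for ev in events:
        if basename(ev["Image"]) not in SHELLS:
            continue
        chain, cur, seen = [basename(ev["Image"])], ev, {ev["ProcessGuid"]}
        for _ in range(max_depth):
            parent = by_guid.get(cur.get("ParentProcessGuid"))
            if parent is None or parent["ProcessGuid"] in seen:
                break  # ancestry not logged, or malformed loop in the data
            seen.add(parent["ProcessGuid"])
            chain.append(basename(parent["Image"]))
            if chain[-1] in OFFICE:
                hits.append({"powershell": ev, "chain": chain[::-1]})
                break
            cur = parent
    return hits

if __name__ == "__main__":
    for hit in office_spawned_powershell(EVENTS):
        print(" -> ".join(hit["chain"]), "|", hit["powershell"]["CommandLine"])
```

Walking the ancestry rather than checking only the direct parent catches cases where another process sits between Excel and PowerShell.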

Though it is still unclear why there are three pieces of malware, it is predicted that the number of malware payloads installed makes the attack easier for the threat actors.


The three pieces of malware are:

  1. AveMariaRAT
  2. BitRAT
  3. PandoraHVNC

BitRAT is dangerous, as it can give the threat actors complete control over the infected system, including the camera (webcam view) and microphone (audio). Downloading additional malicious files and even crypto mining are also possible.


It is clear from current events that hackers, threat actors, or whatever we call them, are actively improving their ways of stealing.

So, organizations must educate their employees about identifying phishing attacks.

Regularly updating security software can help protect our systems from becoming a target.



  • hxxps://taxfile[.]mediafire[.]com/file/6hxdxdkgeyq0z1o/APRL27[.]htm/file
  • hxxps://www[.]mediafire[.]com/file/c3zcoq7ay6nql9i/back[.]htm/file
  • hxxps://www[.]mediafire[.]com/file/jjyy2npmnhx6o49/Start[.]htm/file
  • hxxps://taxmogalupupitpamobitola[.]blogspot[.]com/atom[.]xml

Sample SHA-256 Involved in the Campaign:







Published: May 19th, 2022

About the Author:

FirstHackersNews- Identifies Security
