June 9, 2017

This New Malware Attack via Microsoft PowerPoint Files Spreads Without Requiring Macros

It is not unusual for cyber criminals to deliver malware that compromises computers using specially crafted Microsoft Office files, particularly Word documents, attached to spam emails. These attacks mostly rely on social engineering to trick the targeted user into enabling the VBA macros embedded in the document.

But now, a new social engineering attack has been discovered that does not require users to enable macros. Researchers at the security firm SentinelOne recently found that a group of hackers is using PowerShell commands embedded in PowerPoint (PPT) files to execute malware on targeted systems, without needing macros, JavaScript or VBA.

These malicious PowerPoint files distribute malware called 'Zusy,' a banking Trojan that targets online banking. The files, named "order.ppsx" or "invoice.ppsx," are distributed via spam emails with subjects such as "Purchase Order #130527" and "Confirmation."

Moreover, the malicious PowerShell line hidden in the document is triggered as soon as the victim moves or hovers the mouse over a hyperlink, which downloads an additional payload onto the infected machine, even without clicking the link.

When the malicious PowerPoint file is opened, it displays a screen with a single link that reads "Loading... Please wait":


When the user hovers the mouse over the link, even without clicking it, PowerPoint automatically executes the PowerShell code as an external program. However, the code does not execute by itself as soon as the file is opened. The Protected View security feature, enabled by default in most supported versions of Office, including Office 2013 and Office 2010, displays a prominent warning and prompts the user to enable or disable the content.


If the user ignores this warning and allows the content to be viewed, the PowerShell code executes and contacts a domain named "cccn.nl". A file is downloaded from that domain and executed, which is ultimately responsible for delivering a new variant of the banking Trojan known as Zusy, Tinba, and Tiny Banker.


Security researchers also noted that although the attack does not work if the malicious file is opened in PowerPoint Viewer, and most versions of Office warn the user before executing the code, the technique can still be effective in some cases.

“Users may still enable external programs because they're lazy, in a hurry, or are only used to blocking macros. Also, some configurations may be more permissive in executing external programs than they are with macros,” SentinelOne Labs said in a blog post.

About the author

Chaitanya
