FreeMilk Phishing Attack: Security researchers have discovered new malware that attacks computers without the user's knowledge. Palo Alto Networks Unit 42 identified a limited spear phishing campaign targeting various individuals across the world. The threat actor leveraged CVE-2017-0199, a Microsoft Word Office/WordPad remote code execution vulnerability, with carefully crafted decoy content customized for each target recipient.
The spear phishing campaign has “a limited but wide range of targets in different regions,” Palo Alto Networks said. Threat actors intercept a legitimate, ongoing conversation between two recipients and pose as one of them, sending messages that make it appear the victim is still communicating with the original correspondent.
FreeMilk Phishing Attack May Damage Your Data Privacy
Upon successful execution of a FreeMilk phishing attack, two payloads named PoohMilk and Freenki are installed on the targeted system. PoohMilk's primary purpose is to run the Freenki downloader. Freenki, in turn, performs two tasks: it collects information from the host, and it acts as a second-stage downloader that retrieves further, more sophisticated malware.
The host information Freenki collects includes the MAC address, username, computer name and running processes. Freenki is also able to take screenshots of the infected system and send them to a command server, from which the threat actors can exploit the foothold and download additional malicious software.
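The infection chain described above starts with a Word/WordPad document and ends with a dropped loader that launches a second-stage downloader. From a defender's side, the useful observable is the process lineage: a document-handling process should rarely launch anything at all. The following is an added example, not code from the article or from Unit 42, that walks a constructed, Sysmon-like process-creation log and reports every process tree rooted at winword.exe or wordpad.exe that contains a non-benign descendant. The log format, the host names, the placeholder executable names and the small benign allow-list are all assumptions made for the example.

```python
"""Heuristic detector for Office-rooted process chains (added example).

Assumed, constructed log format, one process-creation event per line:
    timestamp|host|pid|ppid|image|command line
This is not a real vendor format; adapt parse_line() to your telemetry.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Document viewers named in the advisory as the exploited applications.
OFFICE_PARENTS = {"winword.exe", "wordpad.exe"}
# Children an Office process commonly spawns legitimately (assumed allow-list; tune per environment).
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe"}


@dataclass
class ProcEvent:
    ts: str
    host: str
    pid: int
    ppid: int
    image: str
    cmdline: str


def parse_line(line: str) -> ProcEvent:
    # maxsplit keeps any '|' inside the command line intact.
    ts, host, pid, ppid, image, cmdline = line.split("|", 5)
    return ProcEvent(ts, host, int(pid), int(ppid), image.lower(), cmdline)


def process_trees(lines: List[str]) -> Tuple[Dict[Tuple[str, int], ProcEvent],
                                             Dict[Tuple[str, int], List[ProcEvent]]]:
    """Index events by (host, pid) and build a parent -> children map per host."""
    events = [parse_line(l) for l in lines]
    by_pid = {(e.host, e.pid): e for e in events}
    children: Dict[Tuple[str, int], List[ProcEvent]] = {}
    for e in events:
        children.setdefault((e.host, e.ppid), []).append(e)
    return by_pid, children


def descendants(children: Dict[Tuple[str, int], List[ProcEvent]],
                host: str, pid: int) -> List[ProcEvent]:
    """Breadth-first walk of every process spawned (directly or indirectly) by pid."""
    out: List[ProcEvent] = []
    queue = list(children.get((host, pid), []))
    while queue:
        e = queue.pop(0)
        out.append(e)
        queue.extend(children.get((e.host, e.pid), []))
    return out


def office_spawn_alerts(lines: List[str]) -> List[dict]:
    """Return one alert per Office process whose subtree contains a non-benign process."""
    by_pid, children = process_trees(lines)
    alerts = []
    for e in by_pid.values():
        if e.image not in OFFICE_PARENTS:
            continue
        chain = descendants(children, e.host, e.pid)
        if not chain or all(d.image in BENIGN_CHILDREN for d in chain):
            continue
        alerts.append({
            "host": e.host,
            "office_pid": e.pid,
            "document": e.cmdline,
            "chain": [d.image for d in chain],
        })
    return alerts


# Constructed sample telemetry: WS-17 shows a document spawning a loader that
# spawns a downloader (placeholder names); WS-22 shows only a benign print helper.
SAMPLE_LOG = [
    r"2017-10-05T09:12:01Z|WS-17|4120|3300|winword.exe|C:\Program Files\Microsoft Office\WINWORD.EXE /n invoice.docx",
    r"2017-10-05T09:12:07Z|WS-17|4488|4120|loader_placeholder.exe|C:\Users\a\AppData\Local\Temp\loader_placeholder.exe",
    r"2017-10-05T09:12:09Z|WS-17|4510|4488|downloader_placeholder.exe|C:\Users\a\AppData\Local\Temp\downloader_placeholder.exe",
    r"2017-10-05T09:14:00Z|WS-22|5100|4900|winword.exe|C:\Program Files\Microsoft Office\WINWORD.EXE /n report.docx",
    r"2017-10-05T09:14:02Z|WS-22|5120|5100|splwow64.exe|C:\Windows\splwow64.exe 12288",
    r"2017-10-05T09:15:00Z|WS-22|5200|1000|explorer.exe|C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for alert in office_spawn_alerts(SAMPLE_LOG):
        print(alert)
```

The detector reports the whole subtree rather than only the first child, so the second-stage downloader the article describes shows up in the same alert as the loader that fetched it; in practice the allow-list needs tuning, and a parent-image match on WordPad should be paired with the same check for other document viewers in use.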
In a number of instances, researchers said, the PoohMilk loader was used to load N1stAgent, a remote administration tool first seen in a 2016 phishing campaign whose emails were disguised as a Hancom security patch.