Close Menu
    Facebook X (Twitter) Instagram
    Nintendo-Power
    • Home
    • Top News
    • Tech
    • Nintendo
    • Downloads
    • Contact Form
    Nintendo-Power
    Home»Top News»Microsoft Alerts Bank Trojan Attacks Through Contact Forms
    Top News

    Microsoft Alerts Bank Trojan Attacks Through Contact Forms

    Edward LangleyBy Edward LangleyApril 13, 2021No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Microsoft Alerts Bank Trojan Attacks Through Contact Forms
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Microsoft warns about the current malware campaign, during which emails are mainly sent to companies using contact forms. Under one false pretense, recipients should be prompted to click on the link in the emails in order to eventually capture the bank Trojan “ICIDIT”.

    It is questionable whether the masterminds behind the current campaign are specifically targeting German users. Access to Microsoft Security Blog Not revealed. High Security has asked Microsoft about this, but has not yet received an answer. However, ICIDIT is not new to this country: in the past, the modular Trojan was reloaded by Emotet with others, and security experts have already warned about the malware several times this year. So caution is needed in any case.

    Double ambiguity

    The campaign described by Microsoft is targeting business operators with Gmail-based web sites – known or publicly available to the attacker from data leaks, for example as an alternative contact option – i.e. Google Account. If this requirement is met, attackers can use the double blur technique.

    First, they mislead the recipient and spam filtering methods by using the contact form alternate route as a reliable sender. In their respective emails, they place a link to Google Sites, a web hosting service (https://sites.google.com/ (…)), You have previously stored malicious code (or redirect to malicious code). You are configuring Google sites so that the code can only be accessed by entering the victim’s Google access data (or access data from an authorized Google group). According to Microsoft, this additional layer of authentication contributes to the fact that it’s difficult to identify email harm by authentication methods.

    Google sites can be configured as public, but alternatively access to selected Gmail addresses or Google Groups.

    (Image: Screenshot)

    The stored malicious code is in a ZIP archive, and it is back in disguise; Only at the end when this code is executed IcedID Reloaded. In addition, according to Microsoft, a (really legitimate) infiltration test tool, Cobalt Strike (Beacon), will be installed so that attackers can remotely control compromised systems and spread further over the network. Once infected, they can eject banking and other data, among other things, but also reload the malware.

    Automatically sent charges for stolen images

    The emails that Microsoft noticed included allegations of unauthorized use of the respective website and allegations that the document contained evidence in a file with Google sites. To increase the pressure on the victims, there are also threats of legal consequences if the questionable images are not removed. Microsoft cites several senders ending in .yahoo.com and aol.com (mphotographer550, mephotographer890, mgallery487, mephoto224, megallery736 and mshot373) as examples of email addresses entered in the contact form.

    Microsoft has released sample emails from the malware campaign.

    (Image: Microsoft)

    Considering the larger purpose of the campaign, Microsoft believes that sending mails can be automated using a tool that bypasses Google’s ReCAPTCHA mechanism. How this happens is not clear from the blog post; We also asked Microsoft about this. Just a few months ago the audio version of ReCAPTCHA, which had already been hacked several times, was again successfully tampered with by a researcher.

    According to Microsoft, companies need to keep in mind that in the future, similar campaigns could provide other malicious code instead of ICDIT. The wording and excuses of emails sent using the form will vary greatly in the future.


    (ovw)

    Home page

    Edward Langley

    Edward Langley is a contributor to Nintendo-power.com, covering a wide range of topics including news, business, technology, entertainment, lifestyle and current affairs. He focuses on delivering clear, balanced and accessible reporting that helps readers stay informed about important developments and emerging trends. With an emphasis on accuracy, relevance and useful insights, Edward aims to provide engaging stories and practical information that matter to audiences in the UK and beyond.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Acrylic Nails for the Modern Professional: Balancing Style and Practicality

    September 6, 2024

    The Majestic Journey of the African Spurred Tortoise: A Guide to Care and Habitat

    September 2, 2024

    Choosing Between a Russian and a Greek Tortoise: What You Need to Know

    June 21, 2024
    Leave A Reply Cancel Reply

    Navigate
    • Home
    • Top News
    • Tech
    • Nintendo
    • Downloads
    • Contact Form
    Pages
    • About Us
    • Contact Us
    • DMCA
    • Editorial Policy
    • Privacy Policy
    • Nintendo Power – Latest Gaming News, Reviews & Retro Updates
    Recent
    • Games Done Quick Reveals Flame Fatales 2026 Schedule Supporting Malala Fund
    • 17,000 Brain Scans Reveal Unexpected Ethnic Differences in Alzheimer’s Disease Biology
    • Lenovo Unveils Mini PC Built Around Downloadable AI Skills Instead of Traditional Software
    • Uranus and Neptune May Be Magma Worlds Rather Than Ice Giants
    • Women’s Prize for Fiction 2026 Longlist Revealed with Susan Choi and Katie Kitamura Among Contenders
    • About Us
    • Contact Us
    • DMCA
    • Editorial Policy
    • Privacy Policy
    • Nintendo Power – Latest Gaming News, Reviews & Retro Updates
    © 2026 Nintendo Power. All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.