Hackers Abusing Windows Search Feature to Install Remote Access Trojans
Clicking on the link generates an "Open Windows Explorer?" warning. If the user approves it, "the search results of remotely hosted malicious shortcut files are displayed in Windows Explorer disguised as PDFs or other trusted icons, just like local search results," the researchers explained. Should a victim click on one of the shortcut files, it leads to the execution of a rogue dynamic-link library (DLL) using the regsvr32.exe utility. The infections lead to the installation of AsyncRAT and Remcos RAT, offering a pathway for threat actors to remotely control the hosts, steal sensitive information, and even sell access to other threat actors.
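The execution step described above (a shortcut opened from Windows Explorer that runs a DLL through regsvr32.exe) can be hunted for in process-creation logs. The following Python code is an added example, not part of the original advisory or the cited research. The event fields, host names and paths are constructed, and treating a DLL on a remote share or in a user-writable folder as suspicious is an assumption of this example.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation events (fields modeled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s \\files.example.test\share\update.dll"},
    {"host": "WS-02", "parent": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"'},
    {"host": "WS-03", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Users\kim\Downloads\invoice.dll"},
    {"host": "WS-04", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\kim\notes.txt"},
]

# Assumption: a DLL on a UNC path or in a user-writable folder is unusual for regsvr32.
UNC_ARG = re.compile(r'(?:^|[\s"])\\\\[^\\\s"]+\\[^\s"]+')
USER_WRITABLE = re.compile(r"\\(users|programdata|windows\\temp)\\", re.I)

def score_event(ev):
    """Return (severity, reasons) for one process-creation event."""
    if basename(ev["image"]).lower() != "regsvr32.exe":
        return "none", []
    reasons = []
    if basename(ev["parent"]).lower() == "explorer.exe":
        reasons.append("started from Explorer, as a clicked shortcut would be")
    if UNC_ARG.search(ev["cmdline"]):
        reasons.append("DLL argument is a remote (UNC) path")
    elif USER_WRITABLE.search(ev["cmdline"]):
        reasons.append("DLL argument is in a user-writable directory")
    return ("none", "low", "high")[len(reasons)], reasons

def triage(events):
    """Return (host, severity, reasons) for every event worth an analyst's look."""
    hits = []
    for ev in events:
        severity, reasons = score_event(ev)
        if severity != "none":
            hits.append((ev["host"], severity, reasons))
    return hits

if __name__ == "__main__":
    for host, severity, reasons in triage(SAMPLE_EVENTS):
        print(f"[{severity}] {host}: " + "; ".join(reasons))
```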
Phishing and Malware Campaigns
Avoid clicking on suspicious URLs or downloading HTML files from unknown sources
Avoid untrustworthy links: practice hovering before clicking, analyze the URL, and avoid clickbait
Enhance cybersecurity training for your team on how to spot potentially suspicious phishing campaigns
Isolate any infected systems and quarantine the system
Notify relevant parties according to your Incident Response Plan
Reach out to cybersecurity professionals to help contain the attack, analyze the risk, and devise a recovery plan.
1. The Hacker News. (2023, July 28). Hackers Abusing Windows Search Feature to Install Remote Access Trojans. https://thehackernews.com/2023/07/hackers-abusing-windows-search-feature.html
How can CyberForce|Q services help you address this risk?
Partner with CyberForce|Q to mitigate phishing and malware campaigns risk. Our cutting-edge Security Operations Center is purpose-built to tackle the challenge of monitoring phishing attempts 24x7x365. By leveraging our services, we can help minimize the risk associated with phishing and malware campaigns with measurable results.