On Friday, August 14, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), a part of the Department of Homeland Security, issued a warning about a new phishing attack.
Attackers are sending emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts.
Phishing attacks are typically designed to collect user data (such as usernames and passwords) and transmit that information back to the attacker. However, in this situation, the attacker is also sending malware to your inbox. CISA is recommending that all users maintain “situational awareness” and be cautious when downloading attachments, even if they seem legitimate or come from a known contact.
Apheus is closely monitoring this latest attack scheme and is warning all of our customers to take extra caution when downloading or even viewing attachments. Users who have older Windows 7 machines may be more vulnerable to this type of attack. In addition, users who do not have an active antivirus subscription may be subject to greater risk. According to the alert from CISA, file and print sharing services may also be at greater risk.