New “Paste and Run” Phishing Technique Makes CTRL-V A Cyber Attack Accomplice

09 July 2024

A new phishing campaign tries to trick email recipients into pasting and executing malicious commands on their system that install DarkGate malware.

Security researchers have discovered a new phishing campaign that leverages a unique user interaction. Normally, phishing campaigns simply need users to open an HTML attachment.

But this campaign opens up a fake Word online page with an overlay dialog box asking users to open the Windows Run dialog box, paste the contents of the clipboard, and press Enter.

The HTML file loads a malicious PowerShell command into the computer’s clipboard and requires the user to help “deliver” it to the OS.

The PowerShell command connects the victim’s computer to a web address that then downloads an HTA file.
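A defensive triage sketch for the HTML attachment described above, added here as an example and not code from the article or the researchers: it flags a page that combines a clipboard write, a command-interpreter string and Run-dialog instructions. The regex patterns, the base64 decoding step (a generalization beyond what the article states) and the sample HTML are assumptions constructed for illustration.

```python
import base64
import re

# Heuristic signals for a "paste and run" HTML lure (assumed patterns, not from the article).
CLIPBOARD_WRITE = re.compile(
    r"navigator\.clipboard\.writeText|execCommand\(\s*['\"]copy['\"]", re.I)
INTERPRETER = re.compile(r"\b(powershell|pwsh|cmd(\.exe)?\s+/c|mshta)\b", re.I)
RUN_INSTRUCTION = re.compile(
    r"(win(dows)?\s*(key)?\s*\+\s*r\b|run dialog|ctrl\s*\+\s*v)", re.I)
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{24,}={0,2})['\"]")

# Constructed samples (not taken from the campaign); the command is a harmless placeholder.
_CMD = base64.b64encode(b"powershell -Command <placeholder>").decode()
SAMPLE_LURE = f"""<html><body><div>Press Windows + R, then CTRL + V, then Enter.</div>
<button onclick="navigator.clipboard.writeText(atob('{_CMD}'))">How to Fix</button>
</body></html>"""
SAMPLE_BENIGN = """<html><body><button
 onclick="navigator.clipboard.writeText(location.href)">Copy link</button></body></html>"""


def decoded_literals(html):
    """Yield text recovered from base64-looking string literals in the page."""
    for match in B64_LITERAL.finditer(html):
        blob = match.group(1)
        try:
            raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
        except ValueError:  # not valid base64 after all
            continue
        for enc in ("utf-8", "utf-16-le"):  # UTF-16LE is common for Windows command text
            try:
                yield raw.decode(enc)
            except UnicodeDecodeError:
                pass


def triage(html):
    """Return the sorted names of the signals found in one HTML attachment."""
    haystack = html + "\n" + "\n".join(decoded_literals(html))
    checks = {
        "clipboard-write": CLIPBOARD_WRITE.search(html),
        "interpreter-string": INTERPRETER.search(haystack),
        "run-dialog-instruction": RUN_INSTRUCTION.search(html),
    }
    return sorted(name for name, hit in checks.items() if hit)


def is_paste_and_run_lure(html):
    """All three signals together is a strong match; any one alone is common on benign pages."""
    return len(triage(html)) == 3
```

A mail gateway or analyst script would call `is_paste_and_run_lure()` on each HTML attachment and quarantine on a match, while logging partial `triage()` results for review.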

What makes this method so strange is that it seems almost impossible that anyone would fall for it. Start with the URL in the screenshot above – it’s a local C: drive file path. Then take the button name – “How to Fix.” It should at the very least just say “Fix.”

And yet, we suspect, there will always be someone who doesn’t know any better who will simply do what they’re asked to do and… just like that Ctrl-V has become part of the cyber attack.

Users who undergo continual security awareness training will see right through such poor execution and protect the organization against phishing and social engineering attacks.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

 

 
