An ongoing phishing attack based on Separ malware has infected hundreds of businesses. The campaign began at the end of January and has so far affected over 200 companies and thousands of individuals.
What is Separ Malware?
Separ is a credential stealer that has existed since the end of 2017. Its latest wave, however, is adept at evading security software and malware detection services.
So far it has targeted more than 1200 systems to steal browser and email credentials. Since the attack started at the end of January, it has affected a major part of Southeast Asia, the Middle East, and North America.
According to security experts, “Although the attack mechanism used by this malicious software is very simple and no attempt has been made by the attacker to avoid resolution, the increase in the number of victims affected by this malicious software indicates that simple attacks can be much more effective.”
How Is Separ Malware Executed?
The upgraded version of Separ malware is a combination of short scripts, batch files and legitimate executable files. The most recent Separ attacks arrived as a PDF document via email. The document could pose as an important quotation from an organization, a regular business shipment, or an equipment specification.
Once a victim clicks on it, the document launches a string of other applications and files: the self-extractor calls ‘wscript.exe’ to run a VB Script known as ‘adobel.vbs’. These legitimate files are then abused to perform malicious functions, mainly with the aim of gathering information.
According to various sources, the collected data could be used for Business Email Compromise attacks, which can cause significant financial loss to businesses. The new version of Separ malware uses a set of password-dumping tools to steal credentials and an FTP client to upload the collected data to a legitimate service, freehostia(.)com.
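An added example (not from the original article or from any vendor's tooling): detection logic for the process chain described above, run over constructed process-creation events. The event field names, the `sample_sfx.exe` path, the list of user-writable directories and the `ftp.exe` client name are assumptions made for illustration.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
# Assumption: locations a mailed self-extractor usually runs from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")

def runs_script(cmdline):
    # True when any command-line token names a script file.
    tokens = cmdline.lower().replace('"', " ").split()
    return any(t.endswith(SCRIPT_EXTS) for t in tokens)

def find_script_host_chains(events):
    """Alert on script hosts started by a binary in a user-writable path."""
    by_pid = {e["pid"]: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)
    alerts = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if (ntpath.basename(e["image"]).lower() not in SCRIPT_HOSTS
                or parent is None or not runs_script(e["cmdline"])):
            continue
        if not any(d in parent["image"].lower() for d in USER_WRITABLE):
            continue
        # Walk all descendants of the script host and record FTP clients.
        stack, seen, ftp = [e["pid"]], {e["pid"]}, []
        while stack:
            for c in children.get(stack.pop(), []):
                if c["pid"] in seen:
                    continue
                seen.add(c["pid"])
                stack.append(c["pid"])
                if "ftp" in ntpath.basename(c["image"]).lower():
                    ftp.append(c["image"])
        alerts.append({"script_host_pid": e["pid"], "parent": parent["image"],
                       "cmdline": e["cmdline"], "ftp_children": ftp})
    return alerts

# Constructed process-creation events (not real telemetry); PIDs and paths are made up.
SAMPLE = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\a\Downloads\sample_sfx.exe", "cmdline": "sample_sfx.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe", "cmdline": r'wscript.exe "C:\Users\a\AppData\Local\Temp\adobel.vbs"'},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c run.bat"},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\ftp.exe", "cmdline": "ftp.exe"},
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe", "cmdline": r"wscript.exe C:\IT\logon.vbs"},
]
```

The script host started from `explorer.exe` (PID 600) is not flagged, which keeps the rule from firing on scripts launched from a normal desktop session.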
Known Files Associated With Separ Attack Are
Beware of Separ Malware Attack!
Several researchers have warned that the phishing campaign is still ongoing. Organizations are therefore advised to restrict the use of scripting tools to protect against this attack. Popular anti-spam solutions like Systweak Anti-malware for Mac and Advanced System Protector for Windows can also help prevent the malicious emails from being delivered. It also does no harm to train your employees in email security best practices!