A new phishing campaign tricks users into pasting and executing harmful commands on their systems, leading to the installation of DarkGate malware.

How the Phishing Scam Works

  1. Phishing Emails: Attackers send emails pretending to be from legitimate businesses or organizations. These emails often discuss topics like fee processing or operational instructions to lure recipients into opening attached files.
  2. Fake Attachments: The emails contain HTML attachments that, when opened, display a fake message in the browser disguised as a Microsoft Word document.
  3. Deceptive Instructions: The fake message directs users to click a “How to fix” button. This button provides instructions to press a sequence of keys: first [Win+R], which opens the Windows Run dialog, then [Ctrl+V] to paste, and finally [Enter] to run what was pasted.
  4. PowerShell Commands: Alternatively, users might be directed to open the Windows PowerShell terminal and paste commands by right-clicking. This action pastes a malicious script into the terminal, which then executes malware on their system.
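
For responders, the [Win+R] step described above leaves a trace: Windows records Run dialog entries under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. The sketch below is an added example, not part of the original article; it triages exported RunMRU values for entries that launch a script host, and its sample values, interpreter list and length threshold are assumptions. It does not cover commands pasted directly into a PowerShell terminal.

```python
import re

# Assumption: programs a user rarely starts from the Run dialog by hand.
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd", "mshta", "wscript", "cscript")
MAX_TYPED_LEN = 80  # assumption: longer entries were likely pasted, not typed

def parse_run_mru(values):
    """Return Run dialog commands, most recent first.

    Single-letter values hold commands (stored with a trailing "\\1");
    the MRUList value holds the recency order of those letters.
    """
    commands = []
    for name in values.get("MRUList", ""):
        data = values.get(name)
        if data is None:
            continue  # MRUList can reference a value that was deleted
        commands.append(data[:-2] if data.endswith("\\1") else data)
    return commands

def flag_entry(command):
    """Return the reasons a Run dialog entry deserves review (may be empty)."""
    tokens = command.strip().strip('"').split()
    first = tokens[0].lower() if tokens else ""
    # Reduce a full path such as C:\Windows\System32\mshta.exe to "mshta".
    exe = re.split(r"[\\/]", first)[-1].removesuffix(".exe")
    reasons = []
    if exe in SCRIPT_HOSTS:
        reasons.append(f"script host launched from Run dialog: {exe}")
    if len(command) > MAX_TYPED_LEN:
        reasons.append(f"unusually long entry ({len(command)} chars)")
    return reasons

def triage(values):
    """Return [(command, reasons)] for every RunMRU entry that was flagged."""
    return [(c, r) for c in parse_run_mru(values) if (r := flag_entry(c))]

# Constructed sample of exported RunMRU values (not taken from the campaign).
SAMPLE = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": "powershell -c \"<pasted script placeholder>\"\\1",
}

if __name__ == "__main__":
    for command, reasons in triage(SAMPLE):
        print(command, "->", "; ".join(reasons))
```

A flagged entry is a lead for review, not proof of compromise: administrators also start cmd or powershell from the Run dialog.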

How To Protect Yourself

  • Be cautious with unsolicited emails, even if they seem legitimate.
  • Avoid opening attachments or clicking links until you have verified the sender and content.
  • Be wary of messages asking you to execute commands.
  • Keep up to date with the latest cybersecurity threats and ensure your software is updated with the latest security patches.
Minh Anh is a former Search Engine Optimization Specialist from VinCSS