New Warmcookie Windows backdoor pushed via fake job offers

June 11, 2024 at 11:20AM

A new Windows malware called ‘Warmcookie’ is being spread through fake job offer phishing campaigns to infiltrate corporate networks. It is capable of machine fingerprinting, screenshot capturing, and deploying additional payloads. The threat actors create new domains weekly and utilize compromised infrastructure to send phishing emails. Warmcookie gathers victim information, captures screenshots, executes commands, and drops files, posing a significant threat.

Key takeaways:

– A new Windows malware called ‘Warmcookie’ is being distributed through fake job offer phishing campaigns to infiltrate corporate networks.
– The malware is capable of extensive machine fingerprinting, screenshot capturing, and deploying additional payloads.
– The threat actors behind the campaign are creating new domains weekly, utilizing compromised infrastructure to send phishing emails.
– The phishing emails contain personalized job offers with links to deceptive landing pages that prompt the victim to download an obfuscated JavaScript file.
– Upon execution, the JavaScript file leads to the installation of the Warmcookie payload, which establishes communication with a command and control server and begins collecting victim information.
– The malware can capture screenshots, enumerate installed programs, execute arbitrary commands, drop files, and read specified file contents while evading analysis environments.
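The delivery chain described above ends with a user running a downloaded, obfuscated JavaScript file, which on Windows means the Windows Script Host (wscript.exe or cscript.exe) is launched from a browser, mail client or Explorer with a script sitting in a user-writable folder. The following is an added detection example, not code from the article or from the researchers it cites: it parses a few constructed process-creation events (tab-separated timestamp, parent image, image, command line; the field layout, paths, file names and the lists of script hosts and parent processes are all assumptions for the demo) and flags the pattern. Real Warmcookie file names and domains are not on this page, so none appear here.

```python
import re
from typing import Dict, List

# Script interpreters that run a downloaded .js/.jse file (assumed list).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Processes from which a freshly downloaded file is typically launched (assumed list).
DOWNLOAD_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe", "explorer.exe"}

# Script file extensions handled by the Windows Script Host.
SCRIPT_EXT_RE = re.compile(r"\.(js|jse|wsf|vbs)\b", re.IGNORECASE)

# User-writable locations where a phishing download lands (Downloads, AppData, Desktop, Temp).
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\(downloads|appdata|desktop)\\|\\temp\\", re.IGNORECASE)


def basename(path: str) -> str:
    """Return the file name part of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def score_event(parent_image: str, image: str, command_line: str) -> List[str]:
    """Return the list of suspicious traits seen in one process-creation event."""
    reasons: List[str] = []
    if basename(image) in SCRIPT_HOSTS and SCRIPT_EXT_RE.search(command_line):
        reasons.append("script host executing a script file")
    if USER_WRITABLE_RE.search(command_line):
        reasons.append("script located in a user-writable directory")
    if basename(parent_image) in DOWNLOAD_PARENTS:
        reasons.append("launched from a browser, mail client or Explorer")
    return reasons


def analyze(events_text: str) -> List[Dict[str, object]]:
    """Parse tab-separated events and return those matching the download-and-run pattern.

    An event is flagged only when a script host runs a script AND at least one
    context trait (user-writable path or download-capable parent) is present, so
    scheduled system scripts under C:\\Windows are not reported.
    """
    findings: List[Dict[str, object]] = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 4:  # malformed record: skip rather than guess
            continue
        timestamp, parent_image, image, command_line = parts
        reasons = score_event(parent_image, image, command_line)
        if reasons and reasons[0].startswith("script host") and len(reasons) >= 2:
            findings.append({
                "timestamp": timestamp,
                "image": image,
                "command_line": command_line,
                "reasons": reasons,
            })
    return findings


# Constructed sample telemetry (not real logs): one job-offer style download run from
# Firefox, one legitimate system script, one benign editor launch, one Temp-folder script.
SAMPLE_EVENTS = "\n".join("\t".join(fields) for fields in [
    ("2024-06-11T09:14:02Z", r"C:\Program Files\Mozilla Firefox\firefox.exe",
     r"C:\Windows\System32\wscript.exe",
     r'wscript.exe "C:\Users\alice\Downloads\Job_Offer_Details.js"'),
    ("2024-06-11T09:15:10Z", r"C:\Windows\System32\services.exe",
     r"C:\Windows\System32\cscript.exe",
     r"cscript.exe C:\Windows\System32\slmgr.vbs /dlv"),
    ("2024-06-11T09:16:33Z", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\notepad.exe",
     r'notepad.exe "C:\Users\alice\Documents\notes.txt"'),
    ("2024-06-11T09:18:47Z", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\wscript.exe",
     r"wscript.exe C:\Users\bob\AppData\Local\Temp\invoice.jse"),
])


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding["timestamp"], finding["command_line"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Running it reports the Firefox-launched Downloads script and the Temp-folder script and stays quiet on the slmgr.vbs and Notepad events. The same rule is easy to express in EDR or SIEM query languages; the point is the combination of script host, script extension and launch context, any one of which alone is too noisy on its own.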
