Attached Excel Spreadsheet in Italy, Mario and Ransomware attack

Discussion in 'Security and Anti-Virus Software' started by jclausius, Feb 11, 2019.

  1. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    2,194
    Messages:
    2,870
    Likes Received:
    1,630
    Trophy Points:
    181
    "Mail Attachment Builds Ransomware Downloader from Super Mario Image"

    - A malicious spreadsheet has been discovered that builds a PowerShell command from individual pixels in a downloaded image of Mario from Super Mario Bros. When executed, this command will download and install malware such as the GandCrab Ransomware and other malware.

    - emails contain an attachment with names similar to "F.DOC.2019 A 259 SPA.xls" that when opened tell the user to Enable Content in order to properly view the document.

    - macros will be triggered that check if the computer is configured to use the Italy region.

    - if located in Italy, an image of Mario is downloaded

    - after the image is downloaded the script will extract various pixels from the image to reconstruct a PowerShell command, which will then be executed.

    - PowerShell command will download malware from a remote site, which then downloads further malware such as the GandCrab Ransomware.

    https://www.bleepingcomputer.com/ne...ransomware-downloader-from-super-mario-image/


    Luigi, the Princess and Mario need you!!
     
    Last edited: Feb 11, 2019
    Papusan and Dr. AMK like this.
Loading...
Similar Threads - Attached Excel Spreadsheet
  1. kenny1999
    Replies:
    9
    Views:
    565

Share This Page