Dangerous new one-click Gmail hack puts your private data at risk

If you need any more reasons to be particularly careful when opening an email attachment, here’s one for you. A new Gmail hack campaign is currently making the rounds, and a single click could be enough to infect your computer and put your data at risk.

Watch out for this one-click Gmail hack

Last week, Trustwave senior security researcher Diana Lopera published a blog post about a frightening new email hack campaign. According to Lopera, scammers are sneakily attaching malicious files to emails using file formats that would not normally raise suspicion. They are using this technique to spread the data-stealing Vidar malware.

Vidar malware is hidden in an email attachment. Image source: Trustwave

The emails are short and direct the reader’s attention to the attachment. The attachment in question is named “request.doc,” but it is really an ISO file. As Lopera explains, ISO is a disk image file format cybercriminals occasionally use to store malware. It might look like a text document, but the ISO actually contains two files. One is a Microsoft Compiled HTML Help (CHM) file named “pss10r.chm” and the other is an executable named “app.exe.”

If you extract the contents of request.doc and execute either file, the attackers could gain access to your device and begin stealing your private data.

How does it work?

CHM is a proprietary help file format that Microsoft uses for software documentation. If you execute the CHM file, Microsoft Help Viewer will load the primary object of the file. That may not sound all that dangerous, and it usually isn’t. The problem is that this particular file has code lurking within that can silently run the app.exe file without you knowing. If the CHM and executable are in the same directory, you’re in trouble.

As Trustwave explains, Vidar can harvest system information and data from a wide range of browsers and applications. Once it starts running, Vidar malware connects to command and control servers from the open-source social network Mastodon. It then begins stealing data, and when it’s done, it can delete the files that it created.

Thankfully, avoiding this Gmail hack campaign is relatively easy. As you hopefully know by now, never ever open an email attachment from a source you don’t recognize. In fact, even if you do recognize the sender, double-check everything first. There are plenty of scams that involve using similar addresses to convince victims of their legitimacy.
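The disguise described above, an ISO disk image delivered as “request.doc,” can be caught by checking what the attachment contains instead of trusting its name. The following Python is an added example, not code from Trustwave or the original article; the function names and the constructed sample image are assumptions, and it reads only the primary ISO 9660 descriptor (not Joliet or UDF names).

```python
import struct
SECTOR = 2048
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of a genuine legacy .doc
RISKY_EXT = (".chm", ".exe")                     # payload types named in the article

def is_iso9660(data):
    # Primary Volume Descriptor is sector 16: type byte 0x01, then "CD001".
    return len(data) >= 17 * SECTOR and data[16 * SECTOR:16 * SECTOR + 6] == b"\x01CD001"

def list_root(data):
    # Root directory record starts at byte 156 of the descriptor; LBA at +2, size at +10.
    lba, size = struct.unpack_from("<I4xI", data, 16 * SECTOR + 158)
    pos, end, names = lba * SECTOR, min(lba * SECTOR + size, len(data)), []
    while pos + 33 < end:
        rec_len, name_len = data[pos], data[pos + 32]
        if rec_len == 0:                         # zero padding: jump to next sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        name = data[pos + 33:pos + 33 + name_len]
        if name not in (b"\x00", b"\x01"):       # skip the "." and ".." entries
            names.append(name.split(b";")[0].decode("ascii", "replace"))
        pos += rec_len
    return names

def inspect_attachment(filename, data):
    """Return findings for an attachment whose name and content disagree."""
    findings = []
    if filename.lower().endswith(".doc") and not data.startswith(OLE2_MAGIC):
        findings.append("named .doc but content is not an OLE2 document")
    if is_iso9660(data):
        findings.append("content is an ISO 9660 disk image")
        findings += ["image contains " + n for n in list_root(data)
                     if n.lower().endswith(RISKY_EXT)]
    return findings

def _sample_record(name, lba, size, flags=0):
    body = (b"\x00" + struct.pack("<I", lba) + struct.pack(">I", lba)
            + struct.pack("<I", size) + struct.pack(">I", size) + bytes(7)
            + bytes([flags, 0, 0]) + b"\x01\x00\x00\x01" + bytes([len(name)]) + name)
    body += b"\x00" * (len(body) % 2 == 0)       # pad so the whole record is even
    return bytes([len(body) + 1]) + body

def build_sample_iso():
    """Constructed minimal image with the two file names the article reports."""
    root = _sample_record(b"\x00", 18, SECTOR, flags=2)
    pvd = (b"\x01CD001\x01" + bytes(149) + root).ljust(SECTOR, b"\x00")
    files = _sample_record(b"PSS10R.CHM;1", 19, 0) + _sample_record(b"APP.EXE;1", 19, 0)
    root_dir = (root + _sample_record(b"\x01", 18, SECTOR, flags=2) + files).ljust(SECTOR, b"\x00")
    return bytes(16 * SECTOR) + pvd + b"\xffCD001\x01".ljust(SECTOR, b"\x00") + root_dir
```

Calling `inspect_attachment("request.doc", build_sample_iso())` reports the name/content mismatch, the disk image, and both embedded files; a real OLE2 document produces no findings.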
