Dangerous new one-click Gmail hack puts your private data at risk

By Freda D. Cuevas

Mar 30, 2022


If you need any more reasons to be particularly careful when opening an email attachment, here’s one for you. A new Gmail hack campaign is currently making the rounds, and a single click could be enough to infect your computer and put your data at risk.

Watch out for this one-click Gmail hack

Last week, Trustwave senior security researcher Diana Lopera published a blog post about a frightening new email hack campaign. According to Lopera, scammers are sneakily attaching malicious files to emails using file formats that would not normally raise suspicion. They are using this technique to spread the data-stealing Vidar malware.

Vidar malware is hidden in an email attachment. Image source: Trustwave

The emails are short and direct the reader’s attention to the attachment. The attachment in question is named “request.doc,” but it is really an ISO file. As Lopera explains, ISO is a disk image file format cybercriminals occasionally use to store malware. It might look like a text document, but the ISO actually contains two files. One is a Microsoft Compiled HTML Help (CHM) file named “pss10r.chm” and the other is an executable named “app.exe.”

If you extract the contents of request.doc and execute either file, the attackers could gain access to your device and begin stealing your private data.

How does it work?

CHM is a proprietary help file format that Microsoft uses for software documentation. If you execute the CHM file, Microsoft Help Viewer will load the primary object of the file. That may not sound all that dangerous, and it usually isn’t. The problem is that this particular file has code lurking within that can silently run the app.exe file without you knowing. If the CHM and executable are in the same directory, you’re in trouble.
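For mail administrators, the disguise described above can be caught by inspecting an attachment's content instead of trusting its name. The following is an added example, not code from Trustwave or from this article: it checks for the ISO 9660 signature, lists the files in the image's root directory, and flags a disk image that arrives under another extension or carries CHM or EXE files. The function names and the constructed sample image are assumptions made for illustration, and only the primary volume descriptor's root directory is read.

```python
import struct

SECTOR = 2048
RISKY_EXT = (".chm", ".exe")  # the two file types named in the article

def iso_root_files(data: bytes):
    """Return root-directory file names if data is an ISO 9660 image, else None."""
    pvd = data[16 * SECTOR:17 * SECTOR]      # primary volume descriptor, sector 16
    if len(pvd) < 190 or pvd[0] != 1 or pvd[1:6] != b"CD001":
        return None
    lba, size = struct.unpack_from("<I", pvd, 158)[0], struct.unpack_from("<I", pvd, 166)[0]
    block, names, pos = data[lba * SECTOR:lba * SECTOR + size], [], 0
    while pos < len(block):
        rlen = block[pos]
        if rlen == 0:                        # padding: records never cross sectors
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = block[pos:pos + rlen]
        if len(rec) < 34:                    # truncated or malformed record
            break
        if not rec[25] & 0x02:               # skip directories, including "." and ".."
            name = rec[33:33 + rec[32]].decode("ascii", "replace")
            names.append(name.split(";")[0].lower())   # drop the ";1" version suffix
        pos += rlen
    return names

def triage(filename: str, data: bytes):
    """Return findings for an attachment, or None if it is not a disk image."""
    files = iso_root_files(data)
    if files is None:
        return None
    findings = [] if filename.lower().endswith(".iso") else ["extension-mismatch"]
    return findings + ["contains:" + f for f in files if f.endswith(RISKY_EXT)]

def build_sample_iso(names):
    """Constructed test input: a minimal ISO 9660 image holding empty files."""
    def rec(name: bytes, flags: int) -> bytes:
        body = bytearray(33) + name
        body += b"\x00" * (len(body) % 2)    # records are padded to even length
        body[0], body[25], body[32] = len(body), flags, len(name)
        struct.pack_into("<I", body, 2, 18)  # extent: sector 18 (the directory)
        struct.pack_into("<I", body, 10, SECTOR if flags else 0)
        return bytes(body)
    entries = rec(b"\x00", 2) + rec(b"\x01", 2)
    entries += b"".join(rec(n.upper().encode() + b";1", 0) for n in names)
    pvd = bytearray(SECTOR)
    pvd[0:6], pvd[156:190] = b"\x01CD001", rec(b"\x00", 2)
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(SECTOR) + entries.ljust(SECTOR, b"\x00")

print(triage("request.doc", build_sample_iso(["pss10r.chm", "app.exe"])))
```

A mail gateway or triage script could quarantine any attachment for which `triage` returns a non-empty list.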

As Trustwave explains, Vidar can harvest system information and data from a wide range of browsers and applications. Once it starts running, Vidar malware connects to command and control servers from the open-source social network Mastodon. It then begins stealing data, and when it’s done, it can delete the files that it created.

Thankfully, avoiding this Gmail hack campaign is relatively easy. As you hopefully know by now, never ever open an email attachment from a source you don’t recognize. In fact, even if you do recognize the sender, double-check everything first. There are plenty of scams that involve using similar addresses to convince victims of their legitimacy.

