28.04.2024

Gmail is spreading a virus under the guise of regular documents

Another reason not to open files from unknown sources.


Attackers have found a new way to deliver malware to computers: using e-mail and file formats that users usually open without fear. This was reported in a blog post by Diana Lopera, a leading cybersecurity specialist at Trustwave.

The scheme is simple. The victim receives a short e-mail inviting them to view the data in the attached DOC file (as a rule, it has a plain, plausible name such as request.doc). In fact, the "document" is an ISO file: a disk image containing a file in the HTMLHelp format (a help-file format developed by Microsoft) and an EXE application.

HTMLHelp files are harmless in themselves, but they can launch applications located in the same directory without the user's knowledge, which becomes extremely dangerous when that application is a virus.
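A simple check a mail gateway or an analyst could run against the attachment described above: compare the declared file extension with the file's actual content (an ISO image named request.doc has an ISO 9660 volume descriptor, not a Word header), and flag a disk image whose file list pairs an HTMLHelp file with an executable. This is an added example, not code from the article or from Trustwave; the file names and the sample byte strings are constructed, and the signature table covers only the formats the article mentions.

```python
"""Attachment type check: flag e-mail attachments whose declared extension
does not match their actual content (e.g. an ISO image named request.doc),
and flag disk images that pair a .chm file with an .exe.

Added example, not from the original article; file names and sample bytes
are constructed."""
import os

# Magic bytes for the formats involved: (name, byte offset, expected bytes).
# Checked in order; the ISO check comes first because the first 32 KiB of an
# image (the "system area") may legitimately contain other data.
SIGNATURES = [
    ("iso",  0x8001, b"CD001"),                              # ISO 9660 volume descriptor
    ("ole2", 0,      b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"),   # legacy .doc / .xls container
    ("zip",  0,      b"PK\x03\x04"),                         # .docx and other OOXML containers
    ("chm",  0,      b"ITSF"),                               # Microsoft HTML Help (.chm)
    ("pe",   0,      b"MZ"),                                 # Windows executable (.exe)
]

# Which real formats a declared extension may legitimately have.
EXPECTED = {
    ".doc":  {"ole2", "zip"},
    ".docx": {"zip"},
    ".iso":  {"iso"},
    ".chm":  {"chm"},
    ".exe":  {"pe"},
}


def identify(data: bytes) -> str:
    """Return the format name whose signature matches the data, or 'unknown'."""
    for name, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return name
    return "unknown"


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare the declared extension with the detected content type."""
    ext = os.path.splitext(filename)[1].lower()
    detected = identify(data)
    allowed = EXPECTED.get(ext)
    # Extensions not in the table are not judged; known ones must match.
    mismatch = allowed is not None and detected not in allowed
    return {"filename": filename, "extension": ext,
            "detected": detected, "mismatch": mismatch}


def suspicious_image_contents(names) -> bool:
    """True if a disk image's file list pairs an HTML Help file with an
    executable: the combination the article describes (the .chm launches
    the .exe sitting next to it)."""
    exts = {os.path.splitext(n)[1].lower() for n in names}
    return ".chm" in exts and ".exe" in exts


# Constructed sample inputs (not real malware): a minimal ISO 9660 image
# carrying the 'CD001' descriptor at sector 16, and a legacy Word header.
FAKE_ISO = b"\x00" * 0x8000 + b"\x01CD001\x01" + b"\x00" * 2041
REAL_DOC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1" + b"\x00" * 504


if __name__ == "__main__":
    for name, blob in [("request.doc", FAKE_ISO), ("invoice.doc", REAL_DOC)]:
        result = check_attachment(name, blob)
        verdict = "MISMATCH - inspect before opening" if result["mismatch"] else "ok"
        print(f"{name}: declared {result['extension']}, "
              f"detected {result['detected']}: {verdict}")
    print("image contents suspicious:",
          suspicious_image_contents(["request.chm", "app.exe"]))
```

The content check catches the disguise regardless of the file name chosen by the sender; the directory check is meant to run over the listing of a mounted or extracted image, since opening the .chm inside it is exactly the step that launches the executable.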

This technique is used to spread Vidar, a malicious program that collects personal data from browsers and other applications. Once launched, it connects to command-and-control servers through the Mastodon open source social network. When data collection is finished, it can delete all the files it created, so the user will not even know that the computer was infected.

Avoiding infection by this route is quite easy: do not open attachments from unknown senders (especially from the Spam folder).

Because the scheme relies on a proprietary Microsoft format, macOS users are probably safe for now. However, this does not rule out infection with other viruses, including the popular XLoader.