Spam wave dropping trapped PUB file spotted by security experts at Bitdefender. These PUB file deliver a backdoor which is capable of setting sensitive information’s from corporate information.
When the victim opens the file PUB file it triggers a VBscript and downloads CAB file.
PUB file –> VbScript –> AutoIt script –> Backdoor
This CAB file has an AutoIt script, which is capable of running the script and another file encrypted with AES-256 algorithm.
This encrypted file is actually the backdoor Trojan.
What this backdoor capable of?
- It can act as a keystroke recorder and record passwords typed into GET forms.
- Dumb passwords from browsers and email clients.
- Gather system information and more..
We can scan for rootkit infection with GMER and virustotal
