Microsoft detects new Evil Corp malware attacks

News
By
published

Phishing campaign uses HTML redirectors to deliver malicious Excel documents

(Image credit: Pixabay)

Microsoft has observed that the hacking group known as Evil Corp or TA505 has switched up the tactics in its ongoing phishing campaign to deliver malware by using malicious Excel documents.

The company provided more details on the new campaign in a series of tweets in which its researchers said that the final payload is now being delivered by using an Excel document containing a malicious macro.

Evil Corp has been active since 2014 and the cybercrime group is financially motivated. It is known for targeting retail companies as well as financial institutions by using large malicious spam campaigns powered by the Necurs botnet.

Researchers from Microsoft Security Intelligence explained how Evil Corp's new campaign works in a tweet, which reads:

“The new campaign uses HTML redirectors attached to emails. When opened, the HTML leads to the download Dudear, a malicious macro-laden Excel file that drops the payload. In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs.”

Evil Corp

This new campaign marks the first time that Evil Corp has used HTML redirectors as part of its attacks. Previous email campaigns carried out by the group used attachments or malicious download URLs to deliver their malicious payloads.

Evil Corp's latest campaign sends out phishing messages that come with HTML attachments that automatically start downloading the Excel file used to drop the payload. Victims are told to open the Excel document on their computer and to enable editing to access its contents.

Once this is done, the malware will also try to drop a remote access trojan (RAT) known as Grace Wire or FlawedGrace onto a victim's system.

The cybercriminals behind this new campaign even utilized localized HTML files in different languages in order to reach victims from all around the world.

Via BleepingComputer

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in News
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
An Nvidia GeForce RTX 4060 on a table with its retail packaging
Nvidia RTX 5060 GPU spotted in Acer gaming PC, suggesting rumors of imminent launch are correct – and that it’ll run with only 8GB of video RAM
Indiana Jones talking to a friend in a university setting with a jaunty smile on his face
New leak claims Indiana Jones and the Great Circle PS5 release will come in April
A close up of the limited edition vinyl turntable wrist watch from AndoAndoAndo
This limited-edition timepiece turns the iconic Technics SL-1200 turntable into a watch, and I want one
More about security
Dr Chase Cunningham speaking at ZTW25

The grand delusion: endpoint protection isn’t the magic pill, says Dr Zero Trust
An American flag flying outside the US Capitol building against a blue sky

Sean Plankey selected as CISA director by President Trump
Privacy Hero II

I tested this secure router and the bundled year of VPN service feels mostly like a marketing exercise
See more latest
Most Popular
EDMONTON, CANADA - FEBRUARY 10: A woman uses a cell phone displaying the Open AI logo, with the same logo visible on a computer screen in the background, on February 10, 2025, in Edmonton, Canada
T-Mobile rival is giving free ChatGPT Plus, worth hundreds, to its subscribers - but there's a catch
Three photos of the iPad Air M3 and its camera
iPad Air M3 review roundup – should you buy Apple's new mid-range tablet?
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
HP LaserJet Pro 3000 on modern office desk
Now HP printers are being bricked following firmware update
Meta QLC Server
Facebook engineers say bigger hard disk drives is making one critical metric far, far worse
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
Two iPhones showing Apple HomeKit settings
Still using an iPad as a Home Hub? Bad news – Apple is about to end support for it
Horizon Zero Dawn Remastered
Future PlayStation games could have AI-powered characters, if this leaked prototype of Aloy is anything to go by
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024