According to researchers, malware is making use of Windows utilities.
This malware is not easy to find, but the harm it causes is not negligible.
Read this post to learn more about it.
Windows Utility Used by Malware!
Keep reading for the details.
Some researchers disclosed a new attack chain.
This new attack chain is built with this technique in mind.
How Does the Campaign Work?
This campaign was discovered by Symantec.
This Windows process provides a command-line interface for the Windows Management Interface (WMI).
WMI can be used to perform administrative tasks on both local and remote systems.
You should also know about another component: eXtensible Stylesheet Language (XSL) files.
How Does the Attack Work?
It begins with a phishing campaign that contains a shortcut link.
This link can be delivered through a URL.
Moreover, this XSL file contains JavaScript that is executed using mshta.exe.
The genuine mshta.exe is a software component of Microsoft HTML program Host.
The JavaScript has a list that contains 52 domains.
Then they are registered to regsvr32.exe and the main payload.
After that, additional modules are downloaded, which leads to the compromise of the user's computer.
The payload contains modules that are suited to stealing information.
Another utility is PowerShell.
It is also being targeted by threat creators.
The threats from this malware come from all directions.
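As an added example (not from the original post or from Symantec), the following sketch triages process-creation events for the utilities named above when their command line points at remote content or an XSL file, or when one of them launches another. It assumes that `wmic.exe` is the WMI command-line process described earlier and that events arrive as (parent, image, command line) tuples; the sample events are constructed.

```python
import ntpath
import re

# Utilities named in the article. wmic.exe is an assumption: the article
# describes "a command-line interface for WMI" without naming the binary.
WATCHED = {"wmic.exe", "mshta.exe", "regsvr32.exe", "powershell.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)
XSL_RE = re.compile(r"\.xsl\b", re.IGNORECASE)


def base(path):
    """Lower-cased file name of a Windows path, e.g. 'wmic.exe'."""
    return ntpath.basename(path).lower()


def reasons(event):
    """Return the reasons a (parent, image, cmdline) event looks suspicious."""
    parent, image, cmd = base(event[0]), base(event[1]), event[2]
    if image not in WATCHED:
        return []
    found = []
    if URL_RE.search(cmd):
        found.append("remote-url")       # built-in tool pointed at remote content
    if image == "wmic.exe" and XSL_RE.search(cmd):
        found.append("xsl-stylesheet")   # WMI command line references an XSL file
    if parent in WATCHED and parent != image:
        found.append("utility-chain")    # one watched utility launching another
    return found


def triage(events):
    """Return (image, reasons) for every event with at least one reason."""
    scored = [(base(ev[1]), reasons(ev)) for ev in events]
    return [(image, why) for image, why in scored if why]


# Constructed sample events (not taken from the article or a real incident).
SAMPLE = [
    ("explorer.exe", r"C:\Windows\System32\wbem\WMIC.exe",
     'wmic os get /format:"https://example.test/a.xsl"'),
    ("wmic.exe", "mshta.exe", "mshta.exe https://example.test/page"),
    ("mshta.exe", "regsvr32.exe", r"regsvr32.exe /s C:\Users\Public\placeholder.dll"),
    ("services.exe", "wmic.exe", "wmic os get caption"),
    ("explorer.exe", "powershell.exe", r"powershell.exe -File C:\scripts\backup.ps1"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

The last two sample events are ordinary administrative use and are not flagged, which is why the check looks at the command line and the parent process rather than at the utility name alone.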
MiniTool also provides a Ransomware Prevention solution for you.