This content is viewable by Everyone
Dec 2024: LURES TRICK RECIPIENTS Into Executing Malicious Commands
Threat Alert: LURES TRICK RECIPIENTS Into Executing Malicious Commands
- A series of lures aimed at tricking recipients into executing malicious commands on their computers has been identified.
- These lures were most frequently found across web-based threats, compromised websites, and phishing emails containing HTML attachments.
- Themes for the lures used in these attacks varied greatly. However, lures frequently directed recipients to fake CAPTCHA pages or to malicious processes designed to allegedly fix IT-related issues.
- These pages ask for additional verification steps, most commonly displaying step-by-step instructions to copy a command, open a command interface, and then paste and execute the command.
- Executing the commands leads to the execution of malicious software (malware) on the device.
Key Action: Report Suspicious Emails
- Be wary of convoluted steps. Many websites use CAPTCHA pages to verify the visitor is human. Additional convoluted verification steps, though, like copying and pasting a command into a command interface on your computer, are a red flag.
- Be cautious of clicking on URLs, particularly in unsolicited emails. Instead, always navigate to a website directly through a known URL or a trusted bookmark.
- Report ANY suspicious emails using the Phish Alarm button.