Microsoft Highlights a Brand New Way Hackers Can Get to Your Data

Security researchers had previously shown that the web proxy configuration in operating systems and browsers can be abused to steal user data; hackers have now figured out how to do it in practice.

A team of Microsoft malware researchers spotted and analyzed a new attack that uses Word documents carrying malicious code, with no need to install traditional malware. Instead, it configures browsers to use a web proxy controlled by the attackers themselves.

The hackers also use this to install a self-signed root certificate on the victim's computer so that they can peek at encrypted HTTPS traffic as it passes through servers under their control.

It starts with spam emails that have a malicious .docx attached. When the document is opened, it shows an embedded object that looks like a standard invoice. If run, the object executes malicious JavaScript code.

The JavaScript is obfuscated, and its purpose is to drop and execute several PowerShell scripts. PowerShell is a scripting environment built into Windows that allows automation of administrative tasks.


One of the scripts deploys the root certificate that will later be used to spy on HTTPS traffic. Another script adds the same certificate to the victim's Firefox browser, which is necessary because Mozilla uses its own certificate store rather than the Windows one.

A third script installs a client that allows the computer to connect to Tor. This is needed because the hackers host the proxy configuration file at a .onion address. The system's proxy settings are modified in the registry to point to the .onion address, allowing the hackers to switch proxy servers easily in the future if the original is taken down.

“At this point the system is fully infected and the web traffic, including HTTPS, can be seen by the proxy server it assigned. This enables attackers to remotely redirect, modify and monitor traffic. Sensitive information or web credentials could be stolen remotely, without user awareness,” researchers at Microsoft said.
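The infection chain above leaves three footprints a defender can look for on a Windows host: a per-user proxy auto-config (PAC) URL pointing at a .onion address, a recently added self-signed certificate in the Trusted Root store (and a touched Firefox certificate database), and a Tor client running under the user's account. The following PowerShell script is an added example, not code from the article or from Microsoft's report; it assumes PowerShell 5 or later and uses only the standard registry path, certificate store and Firefox profile location. The function name, the 30-day window and the severity labels are this example's own choices.

```powershell
# Added example: defender-side check for the persistence points described in the article
# (hijacked proxy configuration, rogue self-signed root certificate, Tor client).
# Assumes Windows with PowerShell 5+. Get-ProxyHijackIndicators is a name chosen here.

function Get-ProxyHijackIndicators {
    $results = @()

    # 1. Per-user WinINET proxy settings. IE, Edge and Chrome honour these by default,
    #    so a PAC URL planted here redirects most browsing through the attacker's proxy.
    $inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue

    if ($inet.AutoConfigURL) {
        $url = $inet.AutoConfigURL
        # A PAC file served from a .onion address is the pattern from the article;
        # a bare-IP PAC host outside a managed environment also deserves a look.
        $severity = if ($url -match '\.onion' -or $url -match '^https?://\d{1,3}(\.\d{1,3}){3}') { 'High' } else { 'Review' }
        $results += [pscustomobject]@{ Indicator = 'AutoConfigURL'; Value = $url; Severity = $severity }
    }
    if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer) {
        $results += [pscustomobject]@{ Indicator = 'ProxyServer'; Value = $inet.ProxyServer; Severity = 'Review' }
    }

    # 2. Self-signed certificates recently added to the per-user Trusted Root store.
    #    A root whose Subject equals its Issuer and whose validity began in the last
    #    30 days (window chosen for this example) matches a freshly dropped MITM root.
    $cutoff = (Get-Date).AddDays(-30)
    Get-ChildItem -Path Cert:\CurrentUser\Root | Where-Object {
        $_.Subject -eq $_.Issuer -and $_.NotBefore -gt $cutoff
    } | ForEach-Object {
        $results += [pscustomobject]@{
            Indicator = 'RecentSelfSignedRoot'
            Value     = "$($_.Subject) [$($_.Thumbprint)]"
            Severity  = 'High'
        }
    }

    # 3. Firefox keeps its own trust store (cert9.db, or cert8.db in older profiles).
    #    A database modified in the same window is a hint that a root was injected there too.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path $profiles) {
        Get-ChildItem -Path $profiles -Recurse -Include cert9.db, cert8.db -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -gt $cutoff } | ForEach-Object {
                $results += [pscustomobject]@{ Indicator = 'FirefoxCertDbModified'; Value = $_.FullName; Severity = 'Review' }
            }
    }

    # 4. A Tor client running under the user account, needed to reach the .onion PAC host.
    Get-Process -Name tor -ErrorAction SilentlyContinue | ForEach-Object {
        $results += [pscustomobject]@{ Indicator = 'TorProcess'; Value = $_.Path; Severity = 'High' }
    }

    return $results
}

Get-ProxyHijackIndicators | Format-Table -AutoSize
```

Run it in the context of the affected user (the settings and store are per-user, so an elevated prompt for a different account will not see them). If a .onion AutoConfigURL or a recent self-signed root turns up, the cleanup is the reverse of the infection: `Remove-ItemProperty -Path $inetKey -Name AutoConfigURL` for the PAC setting, `Remove-Item -Path Cert:\CurrentUser\Root\<thumbprint>` for the certificate, and removal of the same certificate from Firefox's Authorities list, since the script only flags the Firefox database and does not parse it.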

Earlier this month, at DEF CON and the Black Hat security conference, researchers revealed how a man-in-the-middle attack can misuse the Web Proxy Auto-Discovery (WPAD) protocol. They remotely hijacked people's online accounts and stole their information, even when those devices used a VPN and encrypted HTTPS.


Published by reminesjoseph
