Attack Combines Phishing, Steganography, PowerShell to Deliver Malware

URLZone Morphs Into a Downloader for Ursnif


Researchers have discovered a malware campaign targeting Japan and combining phishing, steganography, PowerShell, and the URLZone and Ursnif malwares.


The basic process described in a new report from Cybereason is a malspam campaign with a weaponized Excel document containing a PowerShell script that downloads steganographic images. The script extracts further Base64 and AES-encrypted and compressed PowerShell code from the images. This code subsequently downloads a stripped-down version of URLZone which is then used as a downloader for ..