The infamous FIN7 hacking group has been distributing malware through an LNK file embedded in a Word document via Object Linking and Embedding (OLE) technology, Cisco Talos security researchers say.
FIN7, also known as Anunak or Carbanak, is a financially motivated group that has been highly active since the beginning of this year.
While analyzing the attack, the Talos researchers found that the hackers were using an RTF document containing an LNK file embedded as an OLE object, which extracted a JavaScript bot and injected an information stealer into memory using PowerShell. The tactic allowed the final payload to be executed on the target machine without it ever touching the disk.
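A defender-side check for the delivery method described above, as an added example that is not from Talos or the original article: it hex-decodes each `\objdata` blob in an RTF file and flags any that contain a Shell Link (LNK) header. The function names are hypothetical, and the sample document is constructed and simplified rather than taken from the campaign.

```python
import re

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

# \objdata followed by hex digits, possibly broken up by whitespace.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")


def extract_objdata(rtf: bytes):
    """Yield the decoded bytes of every \\objdata blob in an RTF document."""
    for match in OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(rb"\s+", b"", match.group(1))
        if len(hexstr) % 2:  # drop a dangling nibble instead of failing
            hexstr = hexstr[:-1]
        yield bytes.fromhex(hexstr.decode("ascii"))


def find_embedded_lnk(rtf: bytes):
    """Report embedded objects whose data contains an LNK header."""
    findings = []
    for index, blob in enumerate(extract_objdata(rtf)):
        offset = blob.find(LNK_MAGIC)
        if offset != -1:
            findings.append({
                "object": index,
                "lnk_offset": offset,
                # OLE Packager objects carry the class name near the start.
                "is_package": b"Package\x00" in blob[:64],
            })
    return findings


def build_sample_rtf() -> bytes:
    """Constructed sample: a simplified blob, not a complete OLE1 stream."""
    blob = (b"\x01\x05\x00\x00\x02\x00\x00\x00" + b"\x08\x00\x00\x00Package\x00"
            + b"\x00" * 8 + b"invoice.lnk\x00" + LNK_MAGIC + b"\x00" * 56)
    hexdata = blob.hex()
    wrapped = "\n".join(hexdata[i:i + 64] for i in range(0, len(hexdata), 64))
    return (b"{\\rtf1{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata "
            + wrapped.encode("ascii") + b"}}}")


if __name__ == "__main__":
    print(find_embedded_lnk(build_sample_rtf()))
```

RTF that breaks up the hex data with control words or other obfuscation will evade a regex like this one; a dedicated parser such as `rtfobj` from oletools handles those cases.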