"SAVE YOU": Hackers are massively attacked by Ukrainians that cannot be opened and what is threatening
The attackers took possession of the real accounts of the court staff and sent letters to more than 15,000 users on the topic of the "summons in the court". They were attached to the RAR-Archives called "Economic Court of Odessa region, a summons to court in the Ukrainian language, probably this institution was affected by the attack first. Inside the archive contains a password protected file "Subject to court. Rar", and it contains a document "A report to court. doc".
When opening a document with a "conductor", a standard Windows file watchdog, a macro (software algorithm) is activated, which downloads the file "scandoc. exe" to the computer and starts it. This file is a masked program that decrypts and launches another Remcosrat program. According to Trend Micro, Remcos is a complex remote Trojan (RAT), which can be used to fully control and monitor any Windows computer, starting with XP and above.
It is noteworthy that it is sold by a German firm Breaking Security as a legal software for remote control of Windows, but is often used by cybercriminals. Remcos Rat bypasses antiviral systems and is introduced into Windows processes to look safe. The Izoologic cyber defense company adds that after successful launch on the infected Remcos Rat device takes pictures of the screen, registers the keystroke, helps to monitor users through webcams and microphones.
He then pulls out the story of the views and steals the passwords from the web browsers of his victims. "Cert-UA is a malicious plan in advance and urgent measures have been taken to minimize the likelihood of cyber-threatening," the Ukrainian cyberfactors assured, but Ukrainians should be vigilant and not open letters with "summons" from the Commercial Court of Odessa region. Earlier, they wrote about the vulnerability of Chrome used by hackers for the hacking of the victims.