Cyber Security - Safeguard Your Chats
Just when it seems the hacking community can go no further in their exploits, researchers discover a new mechanism that takes advantage of users. Recently, new malware has surfaced, which researchers have named "FreeMilk". This sneaky malware hacks into chat conversations, using highly customised phishing messages to trick users into thinking they are still communicating with the person with whom they were originally conversing.
After gaining trust, the hacker(s) trick innocent users into downloading additional malware code by way of a file attachment. Once the download is complete, the malware inside the fake file attachment executes and downloads two additional payloads to the target system. The two payloads, named "PoohMilk" and "Freenki", continue to set the stage for exploitation. PoohMilk exists to run Freenki, which in turn collects information from the exploited host, such as Ethernet MAC addresses, computer names, screenshots and current processes. Freenki is also positioned as a second-stage downloader, although researchers have been unable to determine whether any additional payload drops have actually occurred.
Victims include a Middle Eastern bank, an international sporting organisation, European intellectual services firms and more.
So how did the attacker(s) gain access? The hacking was made possible by CVE-2017-0199, a vulnerability in the way WordPad and Microsoft Office parse specially crafted files.
So what can companies do to ensure the safety and integrity of their messaging systems? First, their IT personnel need to download the patch made available to fix CVE-2017-0199. Second, they need to educate their users about the possibility of exploitation, even when having seemingly harmless conversations with co-workers or others on their messaging system.
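As an added illustration (not from the original article or from the researchers it cites), the sketch below triages an attachment for the construct commonly associated with CVE-2017-0199 documents: RTF content carrying a linked OLE object that is set to update automatically. The function name, indicator names and sample bytes are constructed for this example; it is a heuristic to run alongside the patch, not a substitute for it.

```python
import re

RTF_MAGIC = b"{\\rt"   # match on content: RTF is recognised by its first bytes, whatever the extension
OLE2LINK_HEX = b"OLE2Link".hex().encode()   # class name as hex text inside \objdata
AUTO_LINK = re.compile(rb"\\objautlink(?![a-z])")   # object is a link, not an embedded copy
AUTO_UPDATE = re.compile(rb"\\objupdate(?![a-z])")  # link is refreshed before the object is displayed


def triage_attachment(data: bytes) -> dict:
    """Heuristic triage of one attachment; returns the indicators seen and a verdict."""
    is_rtf = data.lstrip()[:len(RTF_MAGIC)].lower() == RTF_MAGIC
    # RTF readers skip whitespace inside hex object data, so strip it before matching.
    squeezed = re.sub(rb"\s+", b"", data).lower()
    indicators = {
        "rtf_content": is_rtf,
        "linked_object": bool(AUTO_LINK.search(data)),
        "forced_update": bool(AUTO_UPDATE.search(data)),
        "ole2link_class": OLE2LINK_HEX in squeezed,
    }
    # Quarantine only when the file is RTF and carries an auto-updating link.
    indicators["quarantine"] = (
        is_rtf and indicators["linked_object"] and indicators["forced_update"]
    )
    return indicators


# Constructed, non-functional samples (assumptions made for this example).
BENIGN_RTF = b"{\\rtf1\\ansi Meeting notes attached.}"
EMBEDDED_RTF = b"{\\rtf1{\\object\\objemb{\\*\\objdata 0105}}}"
LINKED_RTF = (b"{\\rtf1{\\object\\objautlink\\objupdate"
              b"{\\*\\objdata 4f4c45\r\n324c69 6e6b}}}")
PLAIN_TEXT = b"Discussion of \\objautlink and \\objupdate in a text file."

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN_RTF), ("embedded", EMBEDDED_RTF),
                         ("linked", LINKED_RTF), ("text", PLAIN_TEXT)]:
        print(name, triage_attachment(sample))
```

A quarantine verdict means the attachment deserves analyst review before delivery; legitimate documents with auto-updating links are rare in mail and chat traffic but do exist.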
Want to know more about FreeMilk and other phishing attacks?
Contact the folio1 team today...