Malware attacks are illegal, but what would you do about the legal attacks? Do you have a strategy to counter them? If the answer is no, then you are definitely unaware of fast-evolving cybercrime. In this article at ThreatPost, Lindsey O’Donnell shares details of spear-phishing attacks that rely on a legitimate service called Paste.nrecom.
How Does It Occur?
Moving a step forward, cyber attackers have a legal weapon: the Pastebin web service. It is a code-hosting service that helps users share plain text via public posts, commonly known as ‘pastes.’ The ransomware attackers are also using another service, with the domain name Paste.nrecom.net since May 2014, that operates like Pastebin.
It has an application programming interface (API), driven by an open-source PHP-based Pastebin, that enables scripting. According to the Juniper Networks researchers, AgentTesla is one of the most active malware families used by threat actors to instigate spear-phishing.
The hackers leverage APIs to initiate an email that contains a document or file to download. Once you open the attachment, the next stage from Paste.nrecom[.]net becomes active. Driven by downloads, the malicious code remains hidden deep inside the web code. Once it enters the system, it is almost impossible to remove it from your laptop, tablet, or mobile phone.
AgentTesla is targeting the shipping, supply chain, and banking industries at present. The attackers can steal your confidential IDs and essential client data, or may take control of FTP servers and clipboard data. Using the Pastebin or paste.nrecom[.]net web services, the hackers become so powerful that taking legal action against them is impossible.
Other malware, including LimeRAT, Redline Stealer, and W3Cryptolocker, is gradually encrypting its malicious attacks. Security operators can add Paste.nrecom to the suspicious web services they monitor.
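The monitoring suggestion above, as an added example that is not part of the ThreatPost article or the Juniper research: a Python sketch that flags proxy-log requests to the paste services named here. The log layout, the sample lines, and the function names are constructed for illustration, and pastebin.com is assumed as the Pastebin domain.

```python
from urllib.parse import urlsplit

# Paste services named in the article, kept defanged as the article writes them.
WATCHLIST = ["paste.nrecom[.]net", "pastebin[.]com"]

# Constructed sample: "<time> <client> <method> <url-or-host:port>" (assumed layout).
SAMPLE_LOG = """\
2020-10-05T09:14:02Z 10.0.4.17 GET http://paste.nrecom.net/view/raw/EXAMPLE1
2020-10-05T09:14:09Z 10.0.4.17 CONNECT pastebin.com:443
2020-10-05T09:15:30Z 10.0.4.22 GET http://PASTE.NRECOM.NET./view/raw/EXAMPLE2
2020-10-05T09:16:11Z 10.0.4.30 GET http://paste.nrecom.net.example.org/index.html
2020-10-05T09:16:40Z 10.0.4.30 GET http://notpastebin.com/
2020-10-05T09:17:05Z 10.0.4.31 GET http://example.org/?ref=pastebin.com
malformed line
""".splitlines()

def refang(indicator):
    """Turn a defanged indicator (example[.]com) into a comparable hostname."""
    return indicator.replace("[.]", ".").lower().rstrip(".")

def host_of(target):
    """Extract the hostname from a full URL or a CONNECT-style host:port."""
    if not target.lower().startswith(("http://", "https://")):
        target = "//" + target          # lets urlsplit treat it as a netloc
    try:
        return (urlsplit(target).hostname or "").rstrip(".")
    except ValueError:                  # unparseable netloc
        return ""

def matches(host, watch):
    """Exact or subdomain match only, so look-alike hosts do not trigger."""
    return next((d for d in watch if host == d or host.endswith("." + d)), None)

def scan(lines, watchlist=WATCHLIST):
    """Return one record per request whose destination is a watched service."""
    watch = [refang(d) for d in watchlist]
    hits = []
    for line in lines:
        parts = line.split(maxsplit=4)
        if len(parts) < 4:
            continue                    # skip lines that do not fit the layout
        ts, client, _method, target = parts[:4]
        domain = matches(host_of(target), watch)
        if domain:
            hits.append({"time": ts, "client": client, "domain": domain})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["time"], hit["client"], "->", hit["domain"])
```

Matching on the parsed hostname rather than a substring keeps look-alike hosts and query-string mentions out of the results.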
Click on the following link to read the original article: https://threatpost.com/malware-pastebin-like-service/159838/