A new threat spotlight from Barracuda draws attention to password stealers, where cybercriminals are using common attachment file types such as PDFs and Word documents to steal user passwords.
In a recent blog post, Jonathan Tanner describes the threat in detail.
Cybercriminals are constantly distributing various types of malware based on their objectives, which are often monetary. While ransomware is a common means to this goal, holding data for ransom is not the only means of monetizing malware distribution. Companies are constantly trying to gain as much consumer browsing information as possible in order to target advertisements and mine user data; however, information that is intended to be secret is even more valuable. There is a booming black market for stolen passwords within criminal communities, making malware that obtains these passwords profitable to distribute. The widespread use of software that stores passwords (from browsers, for instance) and password management solutions compounds the problem even more, since a large number of passwords are already sitting on many users’ computers just waiting to be stolen.
Here are a couple of real-life attempts where cybercriminals are hoping to walk away with user passwords. In the first example, attackers are attempting to encourage the recipient to open the attachment by using urgent language to make the message appear important. Additionally, because the attachment is named “taxletter.doc,” it appears like it could be something important such as a tax document. Lastly, by using a Word document as an attachment, the attackers increase their chances of actually having the file opened due to the familiarity people have with these file types.
Here’s another example of an email where the attackers are attempting to make their message and attachment appear important by claiming that a PO is attached. The only difference here is that the attachment is an Excel file, which of course is another common file type that people are familiar with—making it less likely that they will suspect anything malicious.
Unfortunately, in both of these examples, if the user actually opens these attachments, there’s a good chance their passwords would be stolen.