Barracuda exposes advanced phishing attacks with new malware

Research conducted by Barracuda Networks has revealed a new wave of phishing attacks utilising an advanced form of “infostealer” malware. Infostealer malware is traditionally employed to gather login information such as usernames and passwords.

However, Barracuda has observed a sophisticated version of the malware being used to steal a wide array of information, including PDF files and directories, browser data such as session cookies and saved credit card details, bitcoin-related extensions, and web history. The stolen data is subsequently transmitted to a remote email account as a zipped attachment.

Saravanan Mohan, Manager – Threat Analyst at Barracuda, highlighted the unusual nature of this particular threat. “Most phishing attacks are associated with data theft, but here we are looking at an attack designed for extensive data exfiltration executed by a sophisticated infostealer,” he said.

“The amount and range of sensitive information that can be taken is extensive. Some of it can potentially be leveraged in further malicious activity, such as lateral movement or financial fraud. As cybercriminals continue to develop sophisticated methods to steal critical information, it's important for businesses to stay vigilant and proactive in their cybersecurity efforts.”

According to Barracuda researchers, the attack initiates with a phishing email that encourages the recipient to open an attached purchase order. The attachment contains a disc image file, which encapsulates another file that downloads and executes a series of malicious payloads. The final payload is the infostealer, an obfuscated and encrypted Python script, which undergoes multiple levels of decoding and decrypting processes to reach the active code. This infostealer is capable of collecting, compressing, and exfiltrating a wide range of sensitive data to a remote email account.

Effective security measures include the implementation of robust security protocols, continuous monitoring for suspicious activity, and employee education on potential risks. Email protection solutions featuring multi-layered, AI and machine-learning-powered detection are also recommended to prevent such attacks from infiltrating user inboxes, according to the researchers.

This research follows Barracuda Networks' Email Threats and Trends, Vol. 1, which shows that over the last 12 months business email compromise attacks have increased to account for 10.6% of email-based social engineering. Conversation hijacking has risen by 70% since 2022, despite being a resource-intensive approach for attackers.

"IT and security professionals need to stay focused on the evolution of email threats and what this means for security measures and incident response,” said Sheila Hara, Sr. Director of Product Management at Barracuda.

“This involves understanding how attackers can leverage generative AI to advance and scale their activities, and the latest tactics they’re using to make it past security controls. The best defense is AI-powered cloud email security technology that can adapt quickly to a changing landscape and doesn’t solely rely on looking for malicious links or attachments," Hara states.

The findings underscore the importance of a comprehensive and proactive approach to cybersecurity for protecting sensitive information from evolving threats.