It involves hiding malicious PowerShell scripts inside of an image that execute powerful commands.
An email will contain a Microsoft Office document. The email itself is automatically tailored to appear in the native language of the recipient based on geography to make it more believable.
Malicious macros inside the document will trigger a script to download an image hosted on public imaging services to avoid network traffic scanners.
The payload is hidden inside of this image, which includes an open-source application that can access credentials on Windows operating systems.
The best course of action to prevent this type of attack is to train employees to think before they click on any attachment in an email, keep antivirus programs up to date, and enforce strong password policies.
Create a culture of security awareness. Get your employees trained. We can help.