The new malware uses fake documents to trick the victim into the machine.

A new malware was found using fake documents to trick the victim into the machine and turn off Windows Defender to resume the attack.

Windows Defender has always been the first cyberprotection for Windows users because it is a free protection tool installed with Windows, and that has led many malware to try to shut down this protection tool.

According to a report by the website, Cyber Security News has mentioned the detection of malware, a new anonymous Loader with the ability to sneak down the Windows Defender cyber protection tool to remotely release malware of the remote access trojan called Amnesia RAT with the ability to steal passwords from web browsers, financial information, coins in the Crypto Wallet, and remote control with malware of the victim ransom type, or Ransomware called Hakuna Matata with the ability to enter. The file code on the victim's machine is a NeverMind12F file and then uses WinLocker to lock the victim's machine and count down the time, pressuring the victim to pay the ransom.

A research team from Fortinet, a leading cybersecurity expert, revealed detailed information about the famous Loader malware. The hacker would deceive the victim by sending the victim a file that claimed to be a business document (supposedly an e-mail transmission, a phishing scam) in a compressed file format. When uncut, there would be an Internet Shortcut file of LNK. If the victim opens, it would lead to a PowerShell code that would lead to the first malware script being downloaded from the digital archive or the repository, famous as Github, on the machine. This script has code latency to confuse the detection system.

After that, the script will begin to create malware persistence on the system, create fake documents (Decoy) to distract victims, and contact hackers via the Telegram Bot API to confirm that they have successfully embedded themselves on the machine. The malware will then use the fake anti-virus software Defendnot, a tool created to research the weaknesses of Windows Defender, and register it as a new anti-virus tool to automatically shut down Windows Defender.

The malware then enters the Environment Reconnaissance phase. This will not be a one-time survey, but a continuous monitoring of the situation on the machine. Then release the Module for recording screenshots to capture the victim's behavior and secretly send the image back to the hackers.

Once this step is completed, it will be followed by a radical step that starts with system lockdown, shuts down the administrator's tool, destroys the Recovery mechanism, takes over the file hijacking involved so that the victim cannot activate the real application that will lead to protection against aggression. Then comes the process of releasing the last payload file, which may be Amnesia RAT or Hakuna Matata malware, as mentioned above. It can be called that even if it is just Loader malware, it is extremely dangerous to put people at risk, such as Users in business groups must give strict precautions.

# Trending # Lemon 8 Howtoo # lemon 8 diary # freedomhack # it