New Malware Upgrade Steals Browser and Email Client Credentials

Conceptual digital image of lock on circuit background-2Nothing is safe anymore. While tricking users into giving up their credentials still seems pretty impressive, new updates to the FTCode ransomware target the IDs and passwords on your endpoints.

According to threat researchers at Zscaler, new PowerShell code has been added to decrypt stored credentials from the following web browsers and email clients on Windows machines:

  • Internet Explorer
  • Mozilla Firefox
  • Mozilla Thunderbird
  • Google Chrome
  • Microsoft Outlook

While FTCode primarily is focused on attacking Italian-language users, there is little to suggest once this tactic gets out, it will be duplicated by other cybercriminal organizations. The repercussions are massive: In addition to holding data for ransom, attackers could lock massive numbers of an organization’s users out of any and all cloud-based applications, could use the newfound credentials to island hop, could provide access to Office 3656 via OAuth API access, commit BEC scams, identity theft, and much more.

This new PowerShell code is VERY bad news.

There are two parts to stopping these kind of attacks (assuming we’re very likely going to see more of this code in the future):

  • Endpoint protection – you need a solution in place on your endpoints that is scrutinizing each and every process that runs, looking to see if it’s an expected process and if it’s performing an action that is allowed. This is your reactive control.
  • Security Awareness Training – by educating your users on the dangers of phishing attacks (the FTCode attacks start with emails containing malicious macro documents as attachments that users must first click), you lower the likelihood they will engage with suspicious email content, reducing the risk of successful attack.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews