New Spear Phishing Campaign Targets 27 Famous Brands With Malicious SLK Files

A new spear phishing campaign is targeting twenty-seven companies around the world with malicious SLK (Symbolic Link) files, according to BleepingComputer. The attackers pose as a real client or vendor of the targeted company, using relatively convincing branding, and send emails about business transactions. These emails carry SLK files, which Windows opens in Microsoft Excel by default.

If a user opens the file, Excel shows an empty spreadsheet with a box saying “Enable Editing and Enable Content to display this document.” If the user clicks the Enable Content button in Excel, the SLK file is allowed to run commands on their computer.

Once the button is clicked, the file executes a series of commands and eventually uses Windows Installer to download the NetSupport Manager remote access Trojan to the victim’s computer.
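The two behaviours described above (a name Excel runs automatically on open, and a cell formula that hands control to the operating system) are both plain-text records in a SYLK file, so they can be spotted before the file ever reaches Excel. The scanner below is an added, defensive example; it is not code from the original post, from BleepingComputer or from KnowBe4. It parses the documented SYLK record layout (an `ID;` header, `C;...;E<formula>` cell records, `NN;N<name>;E<ref>` defined names) and flags the records such a lure depends on. Both sample files are constructed for the demonstration, with a placeholder string in place of any real command.

```python
"""Flag the auto-execute and command-execution records in a SYLK (.slk) file.

Added example, not part of the original article. Record layout follows the
Excel SYLK format; the two samples at the bottom are constructed for the demo.
"""
import re
from dataclasses import dataclass, field

# Excel 4.0 macro functions that execute programs or load arbitrary code.
SUSPICIOUS_FUNCTIONS = ("EXEC", "CALL", "REGISTER", "FORMULA", "FOPEN", "FWRITE")
# Defined names Excel honours when the sheet opens, so the only click the
# attacker needs is "Enable Content".
AUTO_EXEC_NAMES = ("AUTO_OPEN", "AUTO_CLOSE", "AUTO_ACTIVATE")


@dataclass
class SlkFinding:
    line_no: int   # 1-based line in the file
    record: str    # the raw SYLK record
    reason: str


@dataclass
class SlkReport:
    is_sylk: bool
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.is_sylk and bool(self.findings)


def scan_sylk(text: str) -> SlkReport:
    """Parse SYLK records line by line and collect suspicious ones."""
    lines = text.splitlines()
    report = SlkReport(is_sylk=bool(lines) and lines[0].startswith("ID;"))
    if not report.is_sylk:          # not a SYLK file at all; nothing to judge
        return report

    for n, line in enumerate(lines, 1):
        fields = line.split(";")
        rtype = fields[0]

        if rtype == "NN":           # defined-name record: NN;N<name>;E<ref>
            for part in fields[1:]:
                if part.startswith("N") and part[1:].upper() in AUTO_EXEC_NAMES:
                    report.findings.append(
                        SlkFinding(n, line, f"auto-exec name {part[1:]}"))

        elif rtype == "C":          # cell record: C;X<col>;Y<row>;K<value>;E<formula>
            for i, part in enumerate(fields[1:], 1):
                if not part.startswith("E"):
                    continue
                # A ';' inside the expression is escaped as ';;' in SYLK, so
                # rejoin the rest of the record before inspecting the formula.
                formula = ";".join(fields[i:])[1:].replace(";;", ";")
                for fn in SUSPICIOUS_FUNCTIONS:
                    if re.search(rf"\b{fn}\s*\(", formula, re.IGNORECASE):
                        report.findings.append(
                            SlkFinding(n, line, f"cell formula calls {fn}()"))
                break
    return report


# Constructed sample resembling a lure: auto-run name plus an EXEC() cell.
# The command argument is a placeholder, not a real payload.
MALICIOUS_SAMPLE = """ID;P
O;E
NN;NAuto_open;ER1C1
C;X1;Y1;K0;EEXEC("[placeholder command]")
C;X1;Y2;K0;EHALT()
E
"""

# Constructed benign sample: ordinary values and an arithmetic formula only.
BENIGN_SAMPLE = """ID;P
C;X1;Y1;K10
C;X1;Y2;K20
C;X1;Y3;ESUM(R1C1:R2C1)
E
"""

if __name__ == "__main__":
    for label, sample in (("lure", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        rep = scan_sylk(sample)
        print(f"{label}: suspicious={rep.suspicious}")
        for f in rep.findings:
            print(f"  line {f.line_no}: {f.reason}  <- {f.record}")
```

Because SYLK is plain text, the same check can run at a mail gateway or in an attachment sandbox, where a hit on an auto-exec name or an `EXEC()`-style formula is reason to quarantine the message rather than rely on the recipient declining the “Enable Content” prompt.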

This phishing campaign is targeting companies in a wide variety of industries, including software, chemicals, healthcare, mining, oil and gas, machinery, utilities, transportation, telecommunications, retail, and banking. Some of the companies are very well-known, including JCPenney, Glad, and Hasbro.

BleepingComputer notes that it’s worth taking the time to call someone to verify emailed requests.

“To protect yourself and your corporate networks from targeted phishing attacks like this, it is recommended that you always contact the sender at their corporate number,” BleepingComputer says. “While calling them to confirm just adds another task to a busy schedule, it will also give you peace of mind that the email is legitimate.”

In this case, however, it’s better to just assume that any document that asks you to enable content is malicious. It’s important to note that, in most cases, malicious documents are harmless as long as the user knows not to click the “Enable content” or “Enable editing” buttons. New-school security awareness training can help ensure that your employees know how to avoid falling for these attacks.

BleepingComputer has the story:

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

