Cybersecurity researchers reported a new spear-phishing campaign targeting CFOs in various sectors including banking and finance, utilizing a legitimate remote access tool named Netbird. The campaign starts with a phishing email impersonating a Rothschild & Co. recruiter, inviting recipients to engage with a malicious PDF link. This sophisticated multi-stage attack involves CAPTCHA checks and encrypted redirect URLs, making detection more difficult. The final payload includes malicious VBScript that further downloads additional harmful content to the victim’s machine.
In what appears to be a multi-stage phishing operation, the attackers aimed to deploy NetBird, a legitimate wireguard-based remote access tool on the victim's computer.
Solving the puzzle executes a [JavaScript] function that decrypts it with a hard-coded key and redirects the user to the decrypted link.
Collection
[
|
...
]