Windows error reports are being injected with malware by OceanLotus hackers

Researchers have reported that the hacker group is using Windows error reports to spread malware.

OceanLotus is Vietnamese group which is using a new fileless attack method that exploits the Microsoft Windows Error Reporting (WER) service for injecting its payload. The group has been involved in various other malicious campaigns like PhantomLance, OSX_OCEANLOTUS.D and Toyota motors breach.

OceanLotus also used a phishing attack to lure victims through a similar worker compensation claim scam. The current attack vector mainly relies on malware hidden in WER-based executable files to evade detection.

The team found a phishing document packages in a .ZIP file. This file was titled “Compensation manual.doc,” which supposedly contained information about worker compensation rights. The truth of the file is that it is a malicious macro used by hackers.

As per the researchers, the WerFault.exe reporting service is invoked when an error in the OS, Windows features, or application occurs. When a user notices WerFault.exe running on their system, they assume that an error has happened but in reality, they have become victims of a targeted attack.

NPAV recommends users to secure their internet connection and servers for preventing such attacks. Install NPAV on your devices and avail best in class security from all malware and ransomware attacks.

Use NPAV and join us on a mission to secure the cyber world.

Sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *