This data-stealing phishing attack is a triple malware threat

Cybercriminals are always looking for new ways to spread malware. One of their favorite methods is hiding malware in Android apps. Tap or click here for three types of Android malware to avoid.

Phishing attacks are another popular way to spread malware and steal sensitive data. There’s a new kind of phishing attack that’s hard to spot.

Read on to see how this malware spreads and what you can do about it.

Here is the backstory

What’s worse than malware infiltrating your device? Three different malware at once. This should send shivers down your spine, and sadly, that’s what cybersecurity researchers at Fortinet detail in their latest report.

The phishing campaign targets Windows computers and attempts to drop three different malware variants to steal your sensitive information. In the report, AveMariaRAT, BitRAT and PandoraHVNC malware enters your computer through an infected Excel document.

The term “fileless” refers to the email not having the malicious file attached, but rather the execution of a macro command when you open the Excel document. Attackers often use fake payment notification for bait.

The most dangerous part of the email is that it automatically triggers the malware when you open the document and enable macros. The macro command retrieves all three malware variants from the cybercriminal’s server, disguised as a legitimate PowerShell file, to bypass detection.

What can you do about it

The phishing attack is serious, but you greatly reduce your risk of infection if you remain vigilant and take steps to protect yourself. Here are some tips to achieve this:

  • Do not click on links you receive in unsolicited emails or text messages. They could be malicious and infect your device with malware.
  • Never open Word or Excel files attached to unsolicited emails. If you open one of these documents and it says you need to enable macros, close the file and delete it immediately.
  • Keep your computer and mobile devices up to date with the latest version. Operating system and application updates protect you from the latest threats and are your first line of defense against malware.
  • Use two-factor authentication and password managers for better security.
  • Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for just $19 at That’s over 85% off the regular price!

keep reading

True or false: Macs are immune to malware and viruses

Use this simple and free check to see if a site or file contains malware

About Marion Browning

Check Also

Cross-platform messaging scam makes a comeback on social media ::

By Donna Natosi, WRAL Editor-in-Chief What’s old is new again in a resurgent social media …