Electronic SecurityNews

Hacker Gives Reference to Drake’s “Kiki Do You Love me” in Malicious Script

A hacker with the handle “Master X” was found spreading his malware via PowerPoint scripts that contain a reference to Drake lyric’s “Kiki Do You Love Me.”

Master X ran an email-based campaign with a PowerPoint attachment that finally delivers malicious payloads, either Lokibot (the info stealer) or Azorult.

Researchers have further shared a pattern of the malicious emails dated January 6, 2020, indicating a Business Email Compromise scam attempt with a call to action in the subject line: “TT Remittance Recommendation”.

Two PowerPoint attachments contain the file names “INVOO13433361.pss” and “Blank slip.pss”.

A security analyst wrote in its blog that “Upon opening either of the PowerPoint attachments, it routinely runs a heavily obscured visual basic script.”

Clicking on either of the information (“INVOO13433361.pss” and “Clean slip.pss”.) triggers a Visual Basic script.

The script makes use of Window’s native Microsoft HTML utility host referred to as “mshta.exe,” a Microsoft HTML executable that sends a request to Bitly link shortener.

It helps in circumventing browser defense controls to skirt detection.

In its first order of enterprise, it makes use of a command-line task to kill Excel and Word apps.

Next, mshta.exe is used to succeed in plain-text sharing site Pastebin.com to retrieve an encoded script.

At last, the PowerShell script communicates with Paste. ee, another plain textual content-sharing site, and downloads the code for a malicious executable named Calc.exe.


Carlton Peterson

Carlton is the contributing author of electronic security. His field of communication is fascinating since he writes about that side of the industry which is costly, less used but more inclined upon by developed countries. Electronic securities have been seeing an upward graph nowadays, but the current scenario still needs to be changed. Carlton’s articles reflect the real happening wrapped up in formally written words.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *