GAGANDEEP SINGH
23-March-2023
Security researchers discovered attacks by advanced threat actors using a previously unseen malicious framework.
The threat actors used a malicious framework named CommonMagic and a new backdoor, PowerMagic.
Through these attacks, the attackers aim to collect data, documents, and files from Crimea and other regions.
The malware can also take screenshots every three seconds using the Windows Graphics Device Interface (GDI).
The initial infection is a phishing URL pointing to a ZIP archive that contains a malicious LNK file.
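Because the infection chain described above starts with a ZIP archive carrying an LNK shortcut, a simple defensive check is to inspect archive members for shortcut files before they reach a user. The following is an added example, not code from the original report or from the researchers who analysed CommonMagic. It flags archive entries either by a .lnk extension or by the Shell Link header (HeaderSize 0x4C followed by the LinkCLSID from the MS-SHLLINK specification), so it also catches a shortcut renamed to look like a document; the sample archive it builds is constructed for the demonstration and is not related to the real campaign.

```python
import io
import zipfile

# A Windows Shell Link (.LNK) file starts with HeaderSize 0x0000004C followed
# by the LinkCLSID 00021401-0000-0000-C000-000000000046 in little-endian layout.
LNK_MAGIC = bytes.fromhex("4C000000" "0114020000000000C000000000000046")


def find_lnk_entries(zip_bytes: bytes) -> list:
    """Return the names of archive members that look like Windows shortcuts,
    matched either by a .lnk extension or by the Shell Link header magic."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Read only the header-sized prefix; no need to load the whole member.
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            by_ext = info.filename.lower().endswith(".lnk")
            by_magic = head == LNK_MAGIC
            if by_ext or by_magic:
                hits.append(info.filename)
    return hits


def build_sample_archive() -> bytes:
    """Constructed sample archive (hypothetical names): one benign text file,
    one shortcut with a .lnk extension, and one shortcut disguised as a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "nothing to see here")
        zf.writestr("invoice.lnk", LNK_MAGIC + b"\x00" * 32)
        zf.writestr("report.pdf", LNK_MAGIC + b"\x00" * 32)
    return buf.getvalue()


if __name__ == "__main__":
    for name in find_lnk_entries(build_sample_archive()):
        print(f"shortcut-like member: {name}")
```

Checking the header bytes rather than only the file name matters because archive members can carry any extension; a mail gateway or sandbox pre-filter would apply this to attachments before the user ever opens them.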
According to security analysts, the attackers created dedicated modules for the different tasks.
The CommonMagic framework consists of several components that communicate with each other through a named pipe.
Data is also exchanged through a OneDrive folder, and the exchanged files are encrypted.