- AhnLab Security Intelligence Center (ASEC) recently confirmed phishing files being distributed through emails.
- The phishing file (HTML) attached to the email has a feature that prompts users to execute commands directly using the paste (CTRL+V) function, leading to deception.
- The attacker used content such as cost processing and operational guideline reviews to induce recipients to open the attachment.
- When opening the HTML file, a pop-up appears with a background image disguised as MS Word and an instruction message.
- The message instructs the user to click the ‘How to fix’ button to view the Word document.
- Clicking the ‘How to fix’ button prompts the user to enter [Win+R] → [CTRL+V] → [Enter] or open PowerShell terminal and enter commands directly.
https://asec.ahnlab.com/ko/65661/