The Notebook Review forums were hosted by TechTarget, who shut down them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.
Problems? See this thread at archive.org.

    Attached Excel Spreadsheet in Italy, Mario and Ransomware attack

    Discussion in 'Security and Anti-Virus Software' started by jclausius, Feb 11, 2019.

  1. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    6,160
    Messages:
    3,265
    Likes Received:
    2,573
    Trophy Points:
    231
    "Mail Attachment Builds Ransomware Downloader from Super Mario Image"

    - A malicious spreadsheet has been discovered that builds a PowerShell command from individual pixels in a downloaded image of Mario from Super Mario Bros. When executed, this command will download and install malware such as the GandCrab Ransomware and other malware.

    - emails contain an attachment with names similar to "F.DOC.2019 A 259 SPA.xls" that when opened tell the user to Enable Content in order to properly view the document.

    - macros will be triggered that check if the computer is configured to use the Italy region.

    - if located in Italy, an image of Mario is downloaded

    - after the image is downloaded the script will extract various pixels from the image to reconstruct a PowerShell command, which will then be executed.

    - PowerShell command will download malware from a remote site, which then downloads further malware such as the GandCrab Ransomware.

    https://www.bleepingcomputer.com/ne...ransomware-downloader-from-super-mario-image/

    Luigi, the Princess and Mario need you!!
     
    Last edited: Feb 11, 2019
    jclausius, Feb 11, 2019
    #1
    t456, Starlight5, Papusan and 1 other person like this.