At least this one hacker who uses Drake’s popular song “In My Feelings” to write down a malware certainly likes hip hop. As AppRiver, a cybersecurity service has reported, a PowerPoint malware campaign has the lyrics concealed in Powershell’s order.

The hacker in question by the alias “Master X” would drop the malware Lokibot or Azorult depending on the user he is targeting. Lokibot is a robber of information, while Azorult is a remote access trojan (RAT) that infects computers.

The attack is caused by an email that is disguised as a corporate mail for businesses. The email includes malicious powerpoints such as the one in the following screenshot:

Source: AppRiver

A strongly blurred visual basic script runs when a user opens the attachment. This script uses an application host for Microsoft HTML (mshta.exe) to redirect to a Bitly short URL (hxxp:/j.mp? *) to escape user security mechanisms that are deployed on the browser.

Source: AppRiver

The next step is to terminate Excel or Word with the following command:

“C:\Windows\System32\cmd.exe” /c taskkill /f /im excel.exe & taskkill /f /im winword.exe

Next, a planned task reaching Pastebin URL is created every sixty minutes to find a script that decides if the user is targeted at Lokibot or Azorult payload.

If the script is decoded and converted into a PowerShell script, it includes a reference to Drake’s popular song lyrics, “In My Feelings.” The hacker used the lyrics of the cmdlet expression.

A malicious executable file called calc.exe that infects your PC is downloaded in the script.

It is not clear whether or not the malware has been successful because a large number of people have not been infected so far.

Nonetheless, the hacker shocked everyone with his humour and wit to place lyrics of Drake in the malware as a calling card.

LEAVE A REPLY

Please enter your comment!
Please enter your name here