Hackers Are Spreading Malware Through Windows Troubleshooting Platform!

Windows Troubleshooting Platform (WTP) is a legitimate Windows feature that helps users troubleshoot problems with the operating system. Security researchers at the US-based cyber security company Proofpoint have discovered a new social engineering attack in which hackers abuse this WTP feature to spread the LatentBot malware by tricking users into running a cloned, malicious troubleshooting program.

How is it possible?

Here is some more background on the Windows Troubleshooting Platform. Since a security update, Windows no longer presents a WTP prompt to users as a security warning; instead, Windows has told its users to run the troubleshooter whenever it appears. Hackers take advantage of this fact and manipulate Windows users into running a malicious troubleshooting program.

Social Engineering Attack Used By Hackers

Hackers send a malicious file to victims as an email attachment. When the victim downloads and opens the attachment, it displays a troubleshooter window. This window tells the victim that there is an issue with the system's font settings and asks them to double-click an error to automatically detect the actual charset. When the victim clicks it, they are actually allowing a malicious DIAGCAB file to do its work (DIAGCAB is the file extension used by Windows WTP troubleshooting packages). This lets the malware display a "convincingly realistic" download wizard to the user. When the victim clicks the Next button, the malware is dropped into the system's Program Files and executed.

About Malware

The malware hackers are spreading through this social engineering attack is named LatentBot. It is a well-documented, hard-coded modular botnet that hackers use for anonymous surveillance, stealing sensitive information, and gaining remote access to a system.

According to Proofpoint's security researchers, this malware can evade the observation of various sandbox products because all the activity happens outside the msdt.exe process. This social engineering attack is proof that hackers can bypass sandbox products' detection very easily through a command-based, nonstandard code execution flow.
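Because the malicious activity happens outside msdt.exe, a defender watching only that process will miss it; the useful signal is the process tree around the troubleshooting host. The script below is an added example, not code from the article or from Proofpoint. It runs two heuristics over constructed process-creation events (a simplified JSON-per-line format assumed for the demo): msdt.exe being launched against a .diagcab package from a user-writable location, and a troubleshooting host spawning a script interpreter or a binary outside the Windows directory. The sdiagnhost.exe name is an assumption added here (the scripted-diagnostics host that runs troubleshooting-pack scripts), not something the article names; the paths, command lines and timestamps are made up.

```python
"""Flag suspicious Windows Troubleshooting Platform (WTP) activity in process-creation logs.

Added example, not code from the original article or from Proofpoint. It assumes a
simplified event format (constructed below, one JSON object per line) with the
fields ts, parent, image and cmdline, and applies two defender-side heuristics:

1. msdt.exe, the WTP host named in the article, being launched against a
   .diagcab package that sits in a user-writable download/temp location.
2. A troubleshooting host process (msdt.exe, or sdiagnhost.exe, the scripted
   diagnostics host that runs troubleshooting-pack scripts; that second name is an
   assumption, not taken from the article) spawning a script interpreter or an
   executable that lives outside the Windows directory.
"""
import json
import ntpath
import re

# Constructed sample telemetry, not real logs. Events 2, 5 and 6 are benign controls.
SAMPLE_EVENTS = r"""
{"ts": "2016-11-03T09:12:01", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\msdt.exe", "cmdline": "msdt.exe /cab \"C:\\Users\\alice\\Downloads\\FontFix.diagcab\""}
{"ts": "2016-11-03T09:12:02", "parent": "C:\\Windows\\System32\\msdt.exe", "image": "C:\\Windows\\System32\\sdiagnhost.exe", "cmdline": "sdiagnhost.exe -Embedding"}
{"ts": "2016-11-03T09:12:05", "parent": "C:\\Windows\\System32\\sdiagnhost.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -NoProfile -File TS_Main.ps1"}
{"ts": "2016-11-03T09:12:09", "parent": "C:\\Windows\\System32\\sdiagnhost.exe", "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\FontUpdate.exe", "cmdline": "FontUpdate.exe /silent"}
{"ts": "2016-11-03T10:01:00", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\msdt.exe", "cmdline": "msdt.exe -id NetworkDiagnosticsWeb"}
{"ts": "2016-11-03T10:02:00", "parent": "C:\\Windows\\System32\\services.exe", "image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "svchost.exe -k netsvcs"}
"""

# msdt.exe comes from the article; sdiagnhost.exe is an added assumption (see docstring).
TROUBLESHOOT_HOSTS = {"msdt.exe", "sdiagnhost.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# A quoted or unquoted path ending in .diagcab anywhere in the command line.
DIAGCAB_RE = re.compile(r'"([^"]+\.diagcab)"|(\S+\.diagcab)', re.IGNORECASE)
# Directories an ordinary user can write to (heuristic, not exhaustive).
USER_WRITABLE = re.compile(r"\\(users|temp|tmp|appdata|downloads)\\", re.IGNORECASE)
WINDOWS_DIR = "c:\\windows\\"


def _name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def check_diagcab_launch(event):
    """Heuristic 1: msdt.exe run against a .diagcab stored in a user-writable path."""
    if _name(event["image"]) != "msdt.exe":
        return None
    match = DIAGCAB_RE.search(event["cmdline"])
    if not match:
        return None
    package = match.group(1) or match.group(2)
    if USER_WRITABLE.search(package):
        return f"msdt.exe opened troubleshooting package from user-writable path: {package}"
    return None


def check_host_child(event):
    """Heuristic 2: a troubleshooting host spawning an interpreter or a non-Windows binary."""
    parent, child = _name(event["parent"]), _name(event["image"])
    if parent not in TROUBLESHOOT_HOSTS:
        return None
    if child in INTERPRETERS:
        return f"{parent} spawned script interpreter {child}"
    if not event["image"].lower().startswith(WINDOWS_DIR):
        return f"{parent} spawned binary outside the Windows directory: {event['image']}"
    return None


CHECKS = (check_diagcab_launch, check_host_child)


def scan(lines):
    """Return a list of (timestamp, reason) for every event some heuristic flags."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for check in CHECKS:
            reason = check(event)
            if reason:
                findings.append((event["ts"], reason))
    return findings


if __name__ == "__main__":
    for ts, reason in scan(SAMPLE_EVENTS.splitlines()):
        print(ts, reason)
```

Run against the constructed sample, the script flags the .diagcab opened from the Downloads folder, the PowerShell child and the executable dropped under Temp, while the built-in network troubleshooter and the msdt.exe to sdiagnhost.exe hand-off pass as benign. Point the same two checks at real Sysmon or EDR process-creation events and the interesting part is the second heuristic, because it does not depend on seeing anything inside msdt.exe itself.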

"Spreading malware through Windows Troubleshooting Platform (WTP) is not a new thing for hackers. Background Intelligent Transfer Service, WMI, Task Scheduler and Office Interoperability services of Microsoft Windows have already been exploited by hackers to spread malware."

Security Tip For Windows Users

This convincing technique is fooling experienced Windows users as well, because it is able to bypass the security techniques of various sandbox products. To protect yourself from this malware, never click on attachments that you receive from unknown email addresses.
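Telling users not to open unknown attachments is the last line; a mail gateway can hold troubleshooting packages before they reach an inbox at all. The following is an added example, not code from the article: it inspects an e-mail's attachments for the .diagcab extension the article names and, because a .diagcab is a Microsoft cabinet archive, also for the "MSCF" magic bytes that begin every cabinet, which catches a package renamed to a friendlier extension. The sender, recipient, file names and payload bytes are constructed for the demo.

```python
"""Inspect an e-mail for Windows troubleshooting-package attachments.

Added example, not code from the article. Two checks run on every attachment:
the .diagcab extension the article names, and the "MSCF" magic bytes that begin
every Microsoft cabinet archive (a .diagcab is a cabinet), which catches a
package renamed to a less suspicious extension. Addresses, file names and
payload bytes below are constructed for the demo.
"""
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

CAB_MAGIC = b"MSCF"  # signature at offset 0 of every Microsoft cabinet file


def suspicious_attachments(msg):
    """Return [(filename, reason)] for attachments a mail gateway should hold."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        ext = os.path.splitext(name)[1].lower()
        data = part.get_payload(decode=True) or b""
        if ext == ".diagcab":
            findings.append((name, "Windows troubleshooting package (.diagcab)"))
        elif data.startswith(CAB_MAGIC):
            findings.append((name, "cabinet archive (MSCF header) disguised as "
                             + (ext or "no extension")))
    return findings


def scan_raw(raw):
    """Parse raw RFC 5322 bytes (as read from a spool) and run the checks."""
    return suspicious_attachments(message_from_bytes(raw, policy=policy.default))


def build_sample_mail():
    """Construct a demo message: one .diagcab, one renamed cabinet, one PDF-looking file."""
    msg = EmailMessage()
    msg["From"] = "support@example.invalid"   # constructed sender
    msg["To"] = "alice@example.invalid"       # constructed recipient
    msg["Subject"] = "Font settings problem detected"
    msg.set_content("Please run the attached troubleshooter.")
    fake_cab = CAB_MAGIC + b"\x00" * 32        # constructed stand-in, not a real package
    msg.add_attachment(fake_cab, maintype="application", subtype="octet-stream",
                       filename="FontFix.diagcab")
    msg.add_attachment(fake_cab, maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"%PDF-1.4\n% constructed stub\n", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg


if __name__ == "__main__":
    for name, reason in scan_raw(build_sample_mail().as_bytes()):
        print(f"HOLD {name}: {reason}")
```

The magic-byte check matters more than the extension check: an extension is whatever the sender typed, while the cabinet header is what Windows actually looks at when it decides what the file is.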