Malicious AutoHotkey Scripts for Stealing Information and Remotely Accessing Systems - Cybers Guards

A malicious AutoHotkey script payload is being distributed using a lure Excel Macro-Enabled Workbook e-mail attachment named Military Financing.xlsm. The lure is themed on the US FMF program of the Defense Security Cooperation Agency to trick potential targets into enabling macros to view the contents of the file.

AutoHotkey (a.k.a. AHK) is an open-source scripting language that was introduced for Windows back in 2003 in order to add keyboard shortcuts (hotkeys).

As discovered by the Cyber Threat Research Team of Trend Micro, the XLSM document drops the legitimate AutoHotkey script engine together with a malicious script file once the victim has enabled macros in Microsoft Excel. Immediately afterwards the malicious script is run and automatically connects to its C&C server, downloading more scripts onto the compromised machine based on the commands it receives from the attackers.

The researchers analyzed the activity of the dropped AutoHotkeyU32.ahk script and saw that the following commands are performed:

As the researchers observed, one of the malicious scripts downloaded will eventually drop a copy of TeamViewer, allowing the threat actors to gain remote access to the infected computer.

"Most importantly, one of those files also allows TeamViewer to be downloaded, a remote access tool that gives threat actors remote control over the system," said Trend Micro. "These files allow an attacker to access the computer and take screenshots."

However, the attackers may also use seemingly harmless AutoHotkey scripts, which help to evade detection, to deliver other payloads, from banking Trojans, coinminers and backdoors to more dangerous ransomware or wiper malware. Although the purpose of this malicious campaign is still unknown, it may be used by the actors behind it to collect cyber-espionage information, as it is aimed at victims potentially interested in military financing programs from the Defense Security Cooperation Agency.

AHK-based malware strains appeared in 2018

AutoHotkey-based malware began to appear in early 2018 in the form of various aimbots and game cheating tools, while Ixia's security research team found multiple AHK malware samples of cryptominers and a clipboard hijacker in February. One month later the research team at Cybereason Nocturnus discovered an AHK malware strain that they labeled Fauxpersky because it tried to pass as a legitimate copy of Kaspersky antivirus.

"Every day we find the same clipbankers/droppers/keyloggers with only minor code changes, and also experiments with complex file structures and obfuscation techniques," said Ixia security researcher Gabriel Cirlig at the time.
