Novel multi-stage malware campaign stealthily targets Pakistan

More refined obfuscation tactics have been leveraged in a new multi-stage malware campaign targeted at the employees of Pakistan’s Punjab Safe Cities Authority and Punjab Police Integrated Command, Control & Communication Centre, GBHackers News reports. Threat actors masquerading as an internal consultant have delivered high-priority spear-phishing emails with the “Safe Jail Project” title that included a Word document and a PDF file, both of which had misspelled file names, findings from a Joe Sandbox report showed. Included in the Word file is an illicit VBA macro that downloads the “code.exe” payload upon content activation while concealing malicious code via VBA stomping. Meanwhile, opening the PDF triggers a bogus Adobe Reader error message that includes an “Update PDF Reader” button, which, when clicked, prompts the download of a nefarious ClickOnce app that retrieves the secondary “Adobe.exe” payload. Aside from executing “code.exe” to allow persistence via Microsoft Visual Studio Code tunneling, the malware also taps Discord webhooks to facilitate data compromise.
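For defenders, the two late-stage behaviours described above (a "code.exe" process started in tunnel mode, and traffic to Discord webhooks) can be hunted together in endpoint and proxy telemetry. The following is an added example, not code from the Joe Sandbox report or GBHackers News; the event field names, the expected install directory and the sample events are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: system-wide VS Code install location; add per-user paths for your fleet.
EXPECTED_DIRS = (r"c:\program files\microsoft vs code",)
WEBHOOK_HOSTS = {"discord.com", "discordapp.com"}

# Constructed sample events (not from the report); field names are hypothetical.
EVENTS = [
    {"host": "ws-01", "type": "process",
     "image": r"C:\Users\a\AppData\Local\Temp\code.exe", "cmdline": "code.exe tunnel"},
    {"host": "ws-01", "type": "http",
     "url": "https://discord.com/api/webhooks/000000/EXAMPLE"},
    {"host": "ws-02", "type": "process",
     "image": r"C:\Program Files\Microsoft VS Code\Code.exe", "cmdline": "Code.exe ."},
    {"host": "ws-03", "type": "http", "url": "https://discord.com/channels/1/2"},
    {"host": "ws-04", "type": "process",
     "image": r"C:\Program Files\Microsoft VS Code\Code.exe", "cmdline": "Code.exe tunnel"},
]

def is_tunnel_launch(ev):
    """True when a binary named code.exe is started with the 'tunnel' subcommand."""
    if ev["type"] != "process":
        return False
    name = ev["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name == "code.exe" and "tunnel" in ev["cmdline"].lower().split()[1:]

def is_webhook_request(ev):
    """True when an HTTP request targets a Discord webhook endpoint."""
    if ev["type"] != "http":
        return False
    url = urlsplit(ev["url"])
    return (url.hostname or "").lower() in WEBHOOK_HOSTS and url.path.startswith("/api/webhooks/")

def triage(events):
    """Group findings per host; both behaviours on one host rate 'high'."""
    tags_by_host = {}
    for ev in events:
        tags = tags_by_host.setdefault(ev["host"], set())
        if is_tunnel_launch(ev):
            tags.add("vscode-tunnel")
            if not ev["image"].lower().startswith(EXPECTED_DIRS):
                tags.add("code.exe-unexpected-path")
        if is_webhook_request(ev):
            tags.add("discord-webhook")
    return {host: ("high" if {"vscode-tunnel", "discord-webhook"} <= tags else "review", sorted(tags))
            for host, tags in tags_by_host.items() if tags}

if __name__ == "__main__":
    for host, (severity, tags) in sorted(triage(EVENTS).items()):
        print(host, severity, tags)
```

A tunnel launched from the expected install directory is still reported as "review", since legitimate developer use and abuse look the same at the process level.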
