
Vendor News

Analyzing a DLL in a Sandbox: Speeding up Analysis of an APT Implant

15 February 2021

Recently, Google’s Threat Analysis Group published a blog post about a campaign targeting security researchers, which they attribute to an entity backed by the North Korean government. Using social engineering, the attackers try to convince victims to download and open a Visual Studio project file.

This file contains commands that are executed during the build process of the project. For example, in Figure 1, the command starts a new PowerShell instance that first verifies that the operating system is Windows 10, and then executes the malicious payload using Microsoft’s rundll32, which indicates that the payload is a DLL (dynamic-link library).
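Build events are an easy place to hide a command because few people read the project XML before pressing Build. The following added example (not code from VMRay, Google TAG or the campaign write-up) shows how a defender can triage a `.vcxproj` offline: it pulls every command MSBuild would run from the `PreBuildEvent`, `PostBuildEvent`, `PreLinkEvent` and `Exec` elements and flags the ones that launch `powershell` or `rundll32`. The element names are the standard MSBuild ones; the indicator list and the embedded sample project, including the `PLACEHOLDER.dll` name, are constructed for the demonstration and are not taken from the article.

```python
import re
import xml.etree.ElementTree as ET

# Standard MSBuild elements whose content is handed to cmd.exe during a build.
BUILD_EVENT_TAGS = ("PreBuildEvent", "PostBuildEvent", "PreLinkEvent", "Exec")

# Indicators a reviewer would want flagged in a build command. This list is an
# assumption for the example, not an official detection rule.
SUSPICIOUS = [
    ("powershell", re.compile(r"\bpowershell(\.exe)?\b", re.I)),
    ("rundll32", re.compile(r"\brundll32(\.exe)?\b", re.I)),
    ("hidden-window", re.compile(r"-w(indowstyle)?\s+hidden\b", re.I)),
    ("encoded-command", re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I)),
]

# Constructed sample project: one pre-build event that chains PowerShell and
# rundll32 (the pattern described in the text, with a placeholder DLL name), one
# benign post-build copy, and one benign Exec task.
SAMPLE_VCXPROJ = """<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>powershell -w hidden -c "rundll32.exe PLACEHOLDER.dll,Export"</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>copy "$(TargetPath)" "$(SolutionDir)bin\\"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command="echo build finished" />
  </Target>
</Project>
"""


def _local(tag):
    """Strip the MSBuild XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def extract_build_commands(xml_text):
    """Return (event_name, command) pairs for every command MSBuild would execute."""
    root = ET.fromstring(xml_text)
    commands = []
    for elem in root.iter():
        name = _local(elem.tag)
        if name not in BUILD_EVENT_TAGS:
            continue
        if name == "Exec":
            # <Exec Command="..."/> carries the command as an attribute.
            cmd = elem.get("Command")
        else:
            # Build events wrap the command in a <Command> child element.
            child = next((c for c in elem if _local(c.tag) == "Command"), None)
            cmd = child.text if child is not None else None
        if cmd and cmd.strip():
            commands.append((name, cmd.strip()))
    return commands


def scan_project(xml_text):
    """Flag build commands that match any indicator; returns a list of findings."""
    findings = []
    for event, cmd in extract_build_commands(xml_text):
        hits = [label for label, rx in SUSPICIOUS if rx.search(cmd)]
        if hits:
            findings.append({"event": event, "indicators": hits, "command": cmd})
    return findings


if __name__ == "__main__":
    for finding in scan_project(SAMPLE_VCXPROJ):
        print(f"[{finding['event']}] {', '.join(finding['indicators'])}: {finding['command']}")
```

Running it against the sample reports only the pre-build event, which matches `powershell`, `rundll32` and `hidden-window`; the copy and echo commands pass. In practice the same scan is worth running on every `.vcxproj`, `.csproj` and `.targets` file in a repository before it is opened in Visual Studio, since a build event fires as soon as the project is built, not when the resulting binary is run.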