VERY IMPORTANT

Email is one of the favorite methods used by attackers to infect systems. The malware used in email campaigns is often ransomware or banking malware. Mcafee has recently seen some interesting tactical changes, including: - Attachments with the malicious executable inside. - Microsoft Office documents that contain a malicious macro. The macro will download ransomware or banking malware after execution. - JavaScript files, executed by Wscript in Windows, dropping, for example, Locky ransomware. Mcafee analyzed one recent email campaign with an attached .rar file. Inside this file, we found a .lnk file, which after executing uses PowerShell to download a second stage of malware.