"CISA Warns of Phishing Emails Delivering KONNI Malware"
The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert to provide information on attacks delivering the KONNI remote access Trojan (RAT). Phishing emails are being sent delivering Microsoft Word documents that contain malicious Visual Basic Application (VB) macro code designed to fetch and install the KONNI malware. Once installed on a victim’s computer, the adversary can exfiltrate large amounts of information, log keystrokes, take screenshots, steal clipboard content, steal data from browsers such as Chrome, Firefox, and Opera, and execute arbitrary code. KONNI can also collect IP addresses, usernames, a list of running processes, details on the operating system, connected drives, hostname, and computer name.
SecurityWeek reports: "CISA Warns of Phishing Emails Delivering KONNI Malware"