Government agencies issue a warning about a rising threat: hackers are using fake emails to trick users into downloading malware-laden In-page content. The Cabinet Division advisory reveals that hostile intelligence agencies (HIAs) are actively targeting senior civil and military officials through phishing emails.
In a bid to infiltrate victim systems, the malware executes and exploits known vulnerabilities within the In-page attachment. Data exfiltration to a malicious C & C server becomes possible through this breach. Fortunately, the national gateway has already blocked a malicious C & C server, but more vigilance is needed.
The advisory highlights specific measures to safeguard against such attacks. IT administrators are urged to blacklist fake email IDs and malicious C&C on local firewalls and email servers. Additionally, the advisory cautions against the use of In-page, which is developed by the Indian company “Concept Software Private Limited,” deeming it hazardous. Instead, users are advised to opt for Microsoft Word with Urdu Language or Word Press Processor.
For unavoidable situations, users should opt for the latest paid version of In-page, steering clear of free and cracked versions. Beyond this, the advisory urges users not to share personal information with suspicious users, websites, or applications, and never to click on unknown links and attachments.
To maintain security, users should diligently scan every document before downloading and opening through built-in antivirus. Further steps to protect sensitive data include avoiding storing critical information online and keeping backups in external drives or standalone systems. Additionally, the advisory emphasizes the use of separate and complex passwords for each system, mobile, social media accounts, financial, and mailing accounts.
