AutoHotkey (a.k.a. AHK) is an open-source scripting language created for Windows back in 2003 to add keyboard shortcuts (hotkeys). A malicious AutoHotkey script payload is being delivered in a campaign that uses the US FMF program of the Defense Security Cooperation Agency as a lure: a decoy Excel macro-enabled workbook email attachment named Military Financing.xlsm tricks potential targets into enabling macros in order to view the contents of the file. As detected by Trend Micro's Cyber Threat Research team, once the victim has enabled macros in Microsoft Excel the XLSM document drops the legitimate AutoHotkey script engine together with a malicious script file. Immediately afterwards the malicious script is run and automatically connects to its C&C server, downloading more scripts onto the compromised machine based on the commands it receives from the attacker.
The researchers analysed the activity of the dropped AutoHotkeyU32.ahk script and found that the following commands are executed:

As the researchers noticed, one of the downloaded malicious scripts will eventually drop a copy of TeamViewer, allowing the threat actors to gain remote access to the infected computer.
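The chain described above (Office document, then the stock AutoHotkey engine started with a .ahk script from a user-writable directory, then a remote-access tool launched by that engine) is cheap to hunt for in process-creation telemetry. The following is an added example written for this page, not code from Trend Micro or the researchers; the event format (key=value pairs with ts, pid, ppid, image, cmdline) and the sample events are constructed for the example and are not real logs.

```python
"""
Hunt for the AutoHotkey dropper chain in Sysmon-like process-creation events:
  1. an Office process spawning the AutoHotkey engine or any process given a .ahk script,
  2. the engine (or a renamed copy, detected via its .ahk argument) running outside
     trusted install directories, i.e. from a user-writable path such as %TEMP%,
  3. that engine launching a remote-access tool such as TeamViewer.
Field names and the sample events below are assumptions of this example, not real telemetry.
"""
import ntpath
import re
from dataclasses import dataclass

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# File names the stock AutoHotkey engine ships under; a renamed engine is still
# caught because the .ahk script it is given shows up on the command line.
AHK_ENGINE = re.compile(r"autohotkey(u32|u64|a32)?\.exe$", re.I)
AHK_SCRIPT = re.compile(r'\.ahk(\s|"|$)', re.I)
RAT_NAMES = {"teamviewer.exe", "tv_w32.exe", "tv_x64.exe"}
TRUSTED_DIRS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")


@dataclass
class Event:
    ts: str
    pid: int
    ppid: int
    image: str
    cmdline: str


def parse(line):
    """Parse one 'key=value | key=value' event line (constructed format)."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return Event(fields["ts"], int(fields["pid"]), int(fields["ppid"]),
                 fields["image"], fields["cmdline"])


def basename(path):
    return ntpath.basename(path).lower()


def looks_like_ahk(event):
    """True if the process is the AutoHotkey engine or was handed a .ahk script."""
    return bool(AHK_ENGINE.search(basename(event.image))) or bool(AHK_SCRIPT.search(event.cmdline))


def hunt(lines):
    """Return (timestamp, rule, detail) tuples for every suspicious event."""
    events = [parse(l) for l in lines if l.strip()]
    by_pid = {e.pid: e for e in events}  # sample assumes no PID reuse
    alerts = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if looks_like_ahk(e):
            if parent and basename(parent.image) in OFFICE:
                alerts.append((e.ts, "office-spawns-ahk", f"{basename(parent.image)} -> {e.cmdline}"))
            if not e.image.lower().startswith(TRUSTED_DIRS):
                alerts.append((e.ts, "ahk-from-user-writable-path", e.image))
        if parent and looks_like_ahk(parent) and basename(e.image) in RAT_NAMES:
            alerts.append((e.ts, "ahk-launches-rat", f"{parent.cmdline} -> {e.image}"))
    return alerts


# Constructed sample: one infection chain plus a benign AutoHotkey install as control.
SAMPLE = """\
ts=2019-05-28T09:12:01 | pid=4120 | ppid=812 | image=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE | cmdline="EXCEL.EXE" "C:\\Users\\jdoe\\Downloads\\Military Financing.xlsm"
ts=2019-05-28T09:12:09 | pid=4388 | ppid=4120 | image=C:\\Users\\jdoe\\AppData\\Local\\Temp\\AutoHotkeyU32.exe | cmdline="AutoHotkeyU32.exe" AutoHotkeyU32.ahk
ts=2019-05-28T09:13:40 | pid=4502 | ppid=4388 | image=C:\\Users\\jdoe\\AppData\\Local\\Temp\\tv\\TeamViewer.exe | cmdline="TeamViewer.exe"
ts=2019-05-28T09:15:00 | pid=4610 | ppid=812 | image=C:\\Program Files\\AutoHotkey\\AutoHotkey.exe | cmdline="AutoHotkey.exe" C:\\Users\\jdoe\\Documents\\hotkeys.ahk
"""

if __name__ == "__main__":
    for ts, rule, detail in hunt(SAMPLE.splitlines()):
        print(f"{ts} {rule}: {detail}")
```

The fourth sample event, a legitimately installed engine under Program Files started from Explorer, raises nothing, which is the point of the path and parent checks: AutoHotkey itself is not malicious, so the rules key on where it runs from, who started it and what it starts, rather than on the engine's name alone.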
"These files allow an attacker to take over the computer and take screenshots. Most importantly, one of those files also allows TeamViewer to be downloaded, a remote access tool offering remote control over the system to threat actors," said Trend Micro.

Although the purpose of this malicious campaign is still unknown, it may be used by the actors behind it to collect information for cyber espionage, as it is aimed at victims potentially interested in the military financing program of the Defense Security Cooperation Agency. However, the attackers may also use seemingly harmless AutoHotkey scripts to help other payloads evade detection, from banking Trojans, coinminers and backdoors to more dangerous ransomware or wiper malware.

AutoHotkey-based malware started to appear in early 2018 in the form of various bots and game cheat tools, and Ixia's security research team dealt with multiple AHK malware samples, among them cryptominers and a clipboard hijacker, in February 2018. One month later the research team at Cybereason Nocturnus stumbled upon an AHK malware strain that they dubbed Fauxpersky because it tried to pass itself off as a legitimate copy of Kaspersky antivirus.

"Every day we find the same clipbankers/droppers/keyloggers with only small code changes, and also attempts at complex file structures and obfuscation techniques," said Ixia security researcher Gabriel Cirlig at the time.