
Elastic Security Labs has discovered FinalDraft, a malware family that uses Outlook draft emails as a covert command channel in attacks on government agencies in South America. The infection begins with the PathLoader loader, which in turn launches the FinalDraft implant.
The implant reads its configuration, obtains an OAuth token through the Microsoft Graph API, and then exchanges commands and results with its operators by writing and reading draft emails, so no conventional command-and-control traffic leaves the mailbox. The malware supports 37 commands, including data theft, process injection, and network tunneling. The campaign, tracked as REF7707, targeted a South American country's ministry of foreign affairs; infrastructure analysis also revealed activity in Southeast Asian countries. Organisations should increase monitoring of programmatic access to email services, since this technique hides inside legitimate cloud mail traffic.
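The monitoring recommendation above can be made concrete with a small triage script. The following is an added example, not code from Elastic Security Labs or from the article: it scans a constructed, simplified JSON-lines log of Microsoft Graph mail calls (the record shape is an assumption, not a real Microsoft audit schema) and flags users whose draft-folder activity comes from an unrecognised client or arrives in bursts, which is what a draft-based command channel looks like from the mailbox side. The allow-list of client prefixes and the burst threshold are placeholders to be tuned against real telemetry.

```python
"""Flag suspicious draft-mailbox activity in Microsoft Graph call logs.

Added example (not from Elastic's report or the article). The log format
below is a constructed, simplified JSON-lines shape, not a real Microsoft
audit schema; field names are assumptions.
"""
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample records: one Graph API call per line.
SAMPLE_LOG = """
{"ts": "2025-02-10T08:00:05Z", "user": "alice@example.gov", "ua": "Microsoft Office/16.0 (Outlook)", "method": "GET", "path": "/v1.0/me/mailFolders/drafts/messages"}
{"ts": "2025-02-10T08:01:00Z", "user": "alice@example.gov", "ua": "Microsoft Office/16.0 (Outlook)", "method": "POST", "path": "/v1.0/me/messages"}
{"ts": "2025-02-10T09:00:00Z", "user": "bob@example.gov", "ua": "python-requests/2.31", "method": "GET", "path": "/v1.0/me/mailFolders/drafts/messages"}
{"ts": "2025-02-10T09:00:30Z", "user": "bob@example.gov", "ua": "python-requests/2.31", "method": "GET", "path": "/v1.0/me/mailFolders/drafts/messages"}
{"ts": "2025-02-10T09:01:00Z", "user": "bob@example.gov", "ua": "python-requests/2.31", "method": "POST", "path": "/v1.0/me/messages"}
{"ts": "2025-02-10T09:01:05Z", "user": "bob@example.gov", "ua": "python-requests/2.31", "method": "DELETE", "path": "/v1.0/me/messages/msg-0001"}
{"ts": "2025-02-10T09:02:00Z", "user": "bob@example.gov", "ua": "python-requests/2.31", "method": "GET", "path": "/v1.0/me/mailFolders/drafts/messages"}
{"ts": "2025-02-10T10:00:00Z", "user": "carol@example.gov", "ua": "Microsoft Office/16.0 (Outlook)", "method": "GET", "path": "/v1.0/me/messages"}
"""

# Placeholder allow-list of expected mail clients (assumption; tune per tenant).
KNOWN_CLIENT_PREFIXES = ("Microsoft Office", "Outlook")


def parse_records(text):
    """Parse JSON lines into dicts with a datetime 'ts' field."""
    records = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def is_draft_access(rec):
    """True for reads of the Drafts folder or creation of a new (draft) message."""
    path = rec["path"].lower()
    if "/mailfolders/drafts" in path:
        return True
    # POST /me/messages creates a message that is saved as a draft.
    return rec["method"] == "POST" and path.rstrip("/").endswith("/me/messages")


def is_known_client(user_agent):
    return any(user_agent.startswith(p) for p in KNOWN_CLIENT_PREFIXES)


def find_suspicious(records, window_seconds=600, threshold=4):
    """Return findings for users with draft activity from unknown clients or in bursts."""
    by_user = defaultdict(list)
    for rec in records:
        if is_draft_access(rec):
            by_user[rec["user"]].append(rec)

    findings = []
    for user, hits in by_user.items():
        hits.sort(key=lambda r: r["ts"])
        unknown = sorted({r["ua"] for r in hits if not is_known_client(r["ua"])})
        if unknown:
            findings.append({"user": user,
                             "reason": "draft access from unrecognised client",
                             "detail": unknown})
        # Sliding window: flag the first burst of >= threshold draft operations.
        for i in range(len(hits)):
            j = i
            while j < len(hits) and (hits[j]["ts"] - hits[i]["ts"]).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                findings.append({"user": user,
                                 "reason": f"{j - i} draft operations within {window_seconds}s",
                                 "detail": hits[i]["ts"].isoformat()})
                break
    return findings


def analyze(text=SAMPLE_LOG):
    return find_suspicious(parse_records(text))


if __name__ == "__main__":
    for finding in analyze():
        print(finding)
```

On the constructed sample, alice's two draft operations from a recognised Outlook client are ignored, carol's inbox read is not draft activity at all, and bob is reported twice: once for a non-Outlook client touching the Drafts folder and once for four draft operations inside ten minutes. Real deployments would pull the same fields from Entra sign-in or Exchange mailbox audit data and baseline the threshold per user.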
FinalDraft is a new malware family that uses Outlook drafts to carry hidden commands in attacks on government agencies. Elastic Security Labs found that its 37 capabilities, including data theft and network proxying, make the tool a serious threat to corporate environments.