A new wave of phishing attacks has been identified targeting Windows systems through a malicious archive named HKZ-malwin.zip. This campaign utilizes a multi-stage infection chain to bypass standard signature-based detections.
Upon extraction, the ZIP file typically contains a series of obfuscated .lnk (shortcut) files. These files are designed to appear as legitimate documents but are actually weaponized triggers:
Based on standard threat behaviors for similar tax-themed or regional phishing campaigns, HKZ-malwin.zip
The PowerShell script downloads a secondary .bat file or a "loader" like GuLoader.
System administrators should monitor for the following behaviors associated with this class of malware:
New, unrecognized processes launching from the Temp or Local Settings directories.
To mitigate risks from HKZ-malwin.zip and similar threats, HKCERT recommends these six security pillars:
Disable unnecessary software and services.