Hackers use malicious MSI files that download and execute malicious files that could bypass traditional security solutions. The dropped malware is capable of initiating a system shutdown or targeting financial systems located in certain locations.
Security researchers from TrendMicro discovered JScript/VBScript codes in several malicious *.msi files distributed through spam emails.
The malicious JS code embedded with *.msi downloads the text and other files from the Amazonaws server, the malware contains the filenames such as Jesus or dump and the text file named as desktop.txt, desktop, and desktop.ini.
The infection starts with the spam mail that contains a malicious attachment which downloads from one of the malicious URLs.