
Cybercrime, Poulight is disguised as a txt file in a new phishing campaign

360 Total Security cybersecurity experts: Poulight is disguised as a txt file in a new phishing campaign. Cybercrime actors spread the malware using RLO technology. It is a trojan that steals information.

The Poulight malware is disguised as a txt file in a new malspam campaign discovered by 360 Total Security cybersecurity experts. The attacker first drops a phishing file that uses RLO (Right-to-Left Override) technology. The file, originally named “ReadMe_txt.lnk.lnk”, is displayed as “ReadMe_knl.txt” on the victim’s computer. If the attacker also sets the icon of the lnk file to a notepad icon, the user can easily mistake it for a harmless txt file. If the file is opened, the system executes the PowerShell command defined in the “target” field customized by the attacker, which downloads the malicious program, sets its hidden attribute, and runs it. Poulight is a trojan that detects the operating environment and steals user names, machine names, system names, and other machine information, including anti-virus, graphics card and processor labels.
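A defender-side check for the filename disguise described above, added here as an example and not taken from 360 Total Security's analysis: it flags bidirectional control characters in a filename and approximates the name the user sees. The position of the RLO character in the sample name, the simplified rendering model and the extension list are assumptions.

```python
import os

# Unicode bidirectional control characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
    "\u2066", "\u2067", "\u2068", "\u2069", "\u200e", "\u200f",
}
RLO, PDF = "\u202e", "\u202c"
# Extensions that run or launch something when opened (illustrative list).
RISKY_EXTS = {".lnk", ".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1"}


def displayed_name(name, hide_lnk=True):
    """Approximate the rendered name: text after RLO is reversed up to a
    PDF or the end of the string. Simplified model, not full UAX #9."""
    if hide_lnk and name.lower().endswith(".lnk"):
        name = name[:-4]  # Windows Explorer does not show the .lnk extension
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            if name[i] not in BIDI_CONTROLS:
                out.append(name[i])
            i += 1
    return "".join(out)


def inspect_filename(name):
    """Return a finding dict if the name contains bidi controls, else None."""
    controls = [f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS]
    if not controls:
        return None
    real_ext = os.path.splitext(name)[1].lower()
    shown = displayed_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    return {
        "controls": controls,
        "real_ext": real_ext,
        "displayed": shown,
        "high_risk": real_ext in RISKY_EXTS and shown_ext != real_ext,
    }


# Constructed sample; RLO placement after the underscore is an assumption.
SAMPLE = "ReadMe_\u202etxt.lnk.lnk"
```

The same check can be applied to attachment names at a mail gateway or to file-creation events in endpoint telemetry, where a bidi control character in a filename is rarely legitimate.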
