Sunday, May 29, 2022
Tech Observer: Cyber Security News

FreeMilk phishing attack: How does it affect you

The FreeMilk campaign is used by attackers to infiltrate computers with malicious code and retrieve confidential information without being noticed

IT security researchers at Palo Alto Networks have discovered a new spear-phishing campaign that intercepts active email conversations and hijacks them to spread malware, using highly customised emails designed to look as if they come from the original sender. The campaign, dubbed FreeMilk, is used by the attackers to infiltrate computers with malicious code and retrieve confidential information without being noticed. The attack leverages CVE-2017-0199, a remote code execution vulnerability in the way Microsoft Office and WordPad parse specially crafted files, which Microsoft patched in April 2017.
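As an added illustration (not code from this article or from Palo Alto Networks' research), the following Python triage routine shows the kind of mail-gateway check that targets the hijack described above: a reply that sits in an existing thread but comes from a domain none of the thread's earlier participants used, a Reply-To pointing elsewhere, an Office or RTF attachment, or an RTF whose embedded OLE object is marked to refresh itself as soon as the file is opened (the objupdate RTF control word, assumed here as the indicator of a CVE-2017-0199-style lure). The thread, addresses, domain names and RTF bytes are constructed for this example, and the checks are heuristics of the editor's own, not the researchers' detection logic.

```python
"""
Mail-gateway triage for a conversation-hijack lure.  Flags a reply that
(1) sits in an existing thread but comes from a domain none of the thread's
known participants use, (2) has a Reply-To pointing elsewhere, (3) carries an
Office/RTF attachment, or (4) carries an RTF whose OLE object asks Word to
refresh it on open (the objupdate control word) - an assumed indicator of a
CVE-2017-0199-style document.  All messages, addresses and RTF bytes below
are constructed sample data for this example.
"""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

OFFICE_EXTS = {".rtf", ".doc", ".docx", ".dot", ".xls", ".xlsx", ".ppt", ".pptx"}


def domain_of(addr):
    """Lower-cased domain part of an address such as 'user@host.example'."""
    return addr.rpartition("@")[2].lower()


def attachment_findings(msg):
    """Inspect each attachment for an Office/RTF type and an auto-updating OLE object."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rpartition(".")[2] if "." in name else ""
        data = part.get_payload(decode=True) or b""
        if ext in OFFICE_EXTS:
            findings.append(f"office attachment: {name}")
        # Assumed indicator: an RTF containing \objupdate, which forces the embedded
        # (possibly remote) OLE object to be refreshed as soon as the file is opened.
        if data.lstrip().startswith(b"{\\rtf") and b"\\objupdate" in data:
            findings.append(f"rtf auto-updating OLE object: {name}")
    return findings


def triage(raw_message, thread_participants):
    """Return the findings for one raw RFC 822 message; an empty list means nothing suspicious."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    in_thread = bool(msg.get("In-Reply-To") or msg.get("References"))
    sender = domain_of(parseaddr(str(msg.get("From", "")))[1])
    known = {domain_of(p) for p in thread_participants}
    if in_thread and sender not in known:
        findings.append(f"reply from domain outside thread: {sender}")
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and domain_of(reply_to) != sender:
        findings.append(f"reply-to domain differs from sender: {reply_to}")
    findings.extend(attachment_findings(msg))
    return findings


def build_message(from_addr, in_reply_to=None, attachment=None):
    """Assemble a constructed test message (sample data, not a real lure)."""
    m = EmailMessage()
    m["From"] = from_addr
    m["To"] = "bob@victim.example"
    m["Subject"] = "Re: Q3 invoice"
    if in_reply_to:
        m["In-Reply-To"] = in_reply_to
        m["References"] = in_reply_to
    m.set_content("Please see the updated document attached.")
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


# Constructed thread: the genuine partner domain is partner.example; the lure
# comes from the look-alike partner-example.net and rides the same thread id.
THREAD = ["alice@partner.example", "bob@victim.example"]
THREAD_ID = "<20170901.1@partner.example>"
LURE_RTF = b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate{\\*\\objdata 01050000}}\\par}"


def demo():
    """Triage one hijack-style lure and one genuine reply; returns both finding lists."""
    lure = build_message("Alice Partner <alice@partner-example.net>", THREAD_ID,
                         ("Invoice.rtf", LURE_RTF))
    genuine = build_message("Alice Partner <alice@partner.example>", THREAD_ID)
    return triage(lure, THREAD), triage(genuine, THREAD)


if __name__ == "__main__":
    for label, result in zip(("lure", "genuine"), demo()):
        print(label, result)
```

Run stand-alone, the lure produces three findings (outside-thread domain, Office attachment, auto-updating RTF object) and the genuine reply produces none. The thread-participant list stands in for whatever a real gateway keeps about who was already on a conversation; the point of the domain check is that a look-alike sender is only visible when compared against that history, which is exactly what a victim reading the reply in isolation does not have.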

How does FreeMilk affect the victim’s system?

Upon successful execution of a FreeMilk phishing attack, two payloads named PoohMilk and Freenki are installed on the targeted system. PoohMilk's primary purpose is to run the Freenki downloader. Freenki, in turn, performs two tasks: it collects information from the host, and it acts as a second-stage downloader that fetches further, more sophisticated malware.

The information collected includes the username, computer name, Ethernet (MAC) addresses and the list of running processes. Freenki can also take screenshots of the victim's system; everything gathered is sent to a command-and-control server for the attackers to store and use.

Who is behind FreeMilk?

As of now the actors behind this attack have not been identified. However, the researchers found that the PoohMilk tool was previously used in January 2016, in a campaign in which the phishing emails were disguised as a security patch. Attackers also attempted to distribute Freenki in an August 2016 watering-hole attack on an anti-North Korean government website run by defectors in the United Kingdom.

How does FreeMilk affect India?

Because of the large number of inactive, unpatched and outdated Windows machines, especially in government and small and medium-sized organisations, this series of attacks could be serious for India. Any machine not updated with the patch released in April 2017 is at severe risk and can give cyber criminals and state actors a foothold into even the most sophisticated networks.

“Freemilk is exploiting the CVE-2017-0199 vulnerability in Windows which was patched in April 2017. Therefore, ensure that any computer that has not been patched since before April 2017 is not allowed to go on your network,” said Ankush Johar, Director at a leading provider of human information security awareness and preparedness solutions.

Users who have not already done so can patch their computers using the official security update from –

General hygiene for protection from the FreeMilk phishing scam

Defending against this kind of attack is rather simple. The following are the key points.

For home users

* Use the latest operating system.
* Make sure automatic updates are enabled and downloaded regularly.
* Ensure the firewall is enabled to block network-based attacks.
* Never click links or download attachments in emails from untrusted sources; open an attachment only once you are sure the mail is from a trusted party. Because this campaign inserts its lure into an existing conversation, a familiar sender and subject line are not proof on their own; confirm an unexpected attachment with the sender through another channel.
* Use a proper, regularly updated antivirus.

For organisations

* The latest patches must be deployed across the company immediately.
* All pirated, unpatched or outdated devices are to be removed (read: unplugged) from the network immediately.
* Employees are to be trained to detect and protect against phishing and similar scams.
* Antivirus must be in place and kept updated.
