New ‘Black Lives Matter’ virus asks for your vote to end racism, but infects your network

Phishing campaign operators often take advantage of social movements or issues of current interest so that a malicious email has a better chance of misleading the target user, as mentioned by data security course specialists.

A recently reported phishing campaign invites users to vote on the Black Lives Matter social movement; in fact, the operators of this campaign are trying to infect users with TrickBot, a malware variant designed for information theft.

Initially developed as a banking Trojan, TrickBot has evolved into advanced malware capable of lateral spread over a target network, theft of credentials stored on websites, theft of the Active Directory database, and theft of cookies and OpenSSH keys, as data security course experts mentioned. TrickBot operators have also collaborated with developers of ransomware variants, such as Ryuk, which use that access to compromised networks to encrypt files.

In this campaign, the cybersecurity organization Abuse.ch detected multiple emails purporting to come from “Country Administration”, in which users were asked to cast an anonymous vote on Black Lives Matter.

“Leave a confidential opinion about Black Lives Matter”, reads the email sent by the hackers. The message contains a file called ‘e-vote_form_3438’, a form that users are told to complete and send back to the sender.

SOURCE: BleepingComputer

If the user opens the document, they are prompted to click the “Enable Editing” and “Enable Content” buttons.


When users click these buttons, the Word document runs macros that download and run a malicious DLL on the victim’s computer. This DLL is the TrickBot Trojan, which downloads additional modules to extract files, passwords and security keys, spread laterally over the network and allow other hacking groups to infect your device with ransomware, data security course experts reported.
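Because the infection depends on macros inside the attached Word document, a mail gateway or triage script can flag macro-bearing Office attachments before a user ever sees the prompt. The following is an added example, not code from the original report: the function names and the sample attachments are constructed for illustration, and the legacy-format check is a heuristic that looks for the VBA project stream name.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE

def macro_verdict(data: bytes) -> str:
    """Return 'macros', 'no-macros' or 'not-office' for one attachment."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: a VBA project keeps a stream named _VBA_PROJECT.
        return "macros" if VBA_STREAM in data else "no-macros"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "not-office"
        if "[content_types].xml" not in names:
            return "not-office"          # a ZIP, but not an OOXML document
        # OOXML documents carry their macros in a vbaProject.bin part.
        return "macros" if any(n.endswith("vbaproject.bin") for n in names) else "no-macros"
    return "not-office"

def triage(attachments: dict) -> list:
    """Names of the attachments a gateway should quarantine."""
    return sorted(name for name, blob in attachments.items()
                  if macro_verdict(blob) == "macros")

def _ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()

# Constructed samples; the file names are illustrative, not from the campaign.
SAMPLES = {
    "form_macro.docm": _ooxml(True),
    "form_clean.docx": _ooxml(False),
    "legacy_macro.doc": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
    "legacy_clean.doc": OLE_MAGIC + b"\x00" * 64,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:18} {macro_verdict(blob)}")
```

A "no-macros" verdict only means no VBA project was found; password-protected documents and other delivery tricks need separate handling.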

Operators of this type of campaign are particularly active during these complex times; an example is the many phishing campaigns detected during the coronavirus health emergency. In recent months, hackers have resorted to phishing emails, malicious apps and malware-laden websites offering alleged information about the virus, fake cures and invasive advertisements.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to visit the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.