Phishing campaign operators often exploit social movements or issues of current interest so that a malicious email has a better chance of misleading a target user, as mentioned by data security course specialists.
A phishing campaign was recently detected that invites users to vote on the Black Lives Matter social movement; in fact, its operators are trying to infect users with TrickBot, a malware variant used for information theft.
Initially developed as a banking Trojan, TrickBot has evolved into advanced malware capable of spreading laterally across a target network and of stealing credentials stored on websites, Active Directory databases, cookies and OpenSSH keys, as data security course experts mentioned. TrickBot operators have also collaborated with developers of ransomware variants, such as Ryuk, to gain access to compromised networks and encrypt files.
Regarding this campaign, the cybersecurity organization Abuse.ch detected multiple emails allegedly sent by Country Administration, in which users were asked to cast their anonymous vote on Black Lives Matter.
“Leave a confidential opinion about Black Lives Matter”, mentions the email sent by the hackers. The message contains a file called ‘e-vote_form_3438’, a form that users must complete and forward to the sender.
If the user opens the document, they are prompted to enable editing and to enable the file's content.
When users click these buttons, the Word document runs macros that download and execute a malicious DLL on the victim's computer. This DLL is the TrickBot Trojan, which downloads additional modules to extract files, passwords and security keys, spread laterally over the network and allow other hacking groups to infect the device with ransomware, reported data security course experts.
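Because the infection depends on macros embedded in the attached Word document, a mail gateway or triage script can flag macro-bearing attachments before a user ever sees the prompt. The following is an added example, not code from the original report: the function name `macro_indicators` and the sample files are constructed for illustration, and the legacy `.doc` check is a byte-search heuristic rather than a full compound-file parse.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc compound file header
# Compound-file directory entries store their names as UTF-16LE.
OLE_MARKERS = [n.encode("utf-16-le") for n in ("_VBA_PROJECT", "Macros")]
MACRO_CT = b"macroEnabled"  # e.g. ...ms-word.document.macroEnabled.main+xml


def macro_indicators(data: bytes) -> list:
    """Return the reasons an attachment looks macro-bearing (empty = none found)."""
    reasons = []
    if data.startswith(OLE_MAGIC):
        # Heuristic: look for the VBA storage names anywhere in the file.
        reasons += ["OLE entry name " + m.decode("utf-16-le")
                    for m in OLE_MARKERS if m in data]
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            reasons += ["OOXML part " + n for n in names
                        if n.lower().endswith("vbaproject.bin")]
            if "[Content_Types].xml" in names and MACRO_CT in z.read("[Content_Types].xml"):
                reasons.append("macro-enabled content type")
    return reasons


def _zip(parts: dict) -> bytes:
    """Build an in-memory OOXML-like package from {part name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()


# Constructed samples (not real documents; they contain no macro code).
CLEAN_DOCX = _zip({"[Content_Types].xml": b"<Types/>",
                   "word/document.xml": b"<w:document/>"})
MACRO_DOCM = _zip({
    "[Content_Types].xml": b'<Types><Override ContentType='
        b'"application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>',
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\x00" * 16,
})
MACRO_DOC = OLE_MAGIC + b"\x00" * 504 + "Macros".encode("utf-16-le")

if __name__ == "__main__":
    for label, blob in [("clean.docx", CLEAN_DOCX), ("form.docm", MACRO_DOCM),
                        ("form.doc", MACRO_DOC)]:
        hits = macro_indicators(blob)
        print(label, "QUARANTINE" if hits else "pass", hits)
```

A hit only means the file carries a VBA project; pairing this check with a policy that blocks macros in documents received from the internet removes the "enable content" step the lure relies on.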
Operators of this type of campaign are particularly active during these complex times; one example is the many phishing campaigns detected during the coronavirus health emergency. In recent months, hackers have resorted to phishing emails, malicious apps and malware-laden websites offering alleged information about the virus, fake cures and invasive advertisements.