Threat Actors Play On People’s Desire To Help Cure Coronavirus

Much like
the new cases of COVID-19 that occur daily, cybercriminals are constantly rolling
out new tactics, techniques and procedures based on the pandemic.

One of the newer attacks, first observed on March 7, uses a Coronavirus themed email to spread RedLine Stealer malware. This is described as a particularly well designed, written and developed malware, reported Proofpoint, that is delivered through an email’s URL. Additionally, it is being distributed as a malware as a service priced at $150 lite version, $200 pro version and $100 per month subscription option.

The social
engineering aspect of the attack is also highly developed. The subject line
asks the recipient, generally a U.S.-based healthcare or manufacturing industry,
to “Please help us with Fighting corona-virus”. They are supposedly from a
company called Mobility Research which claims it is part of the Folding@Thome project.
This name is an intentional misspelling of the legitimate Foldering@Home, a
public-resource computing firm – like the now shuttered SETI at Home project, that
might confuse people into opening the email.

The victim
is then directed to the malware bucket on Bitbucket and asked to install it, Proofpoint
said.

RedLine Stealer steals browser information such as login, autocomplete, passwords and credit cards. It also collects information about the user and their system such as the username, their location, hardware configuration, and installed security software. A recent update to RedLine Stealer also added the ability to steal cryptocurrency cold wallets.

But this is
not the only campaign being run.

The gang
TA505, which has pushed Locky ransomware and the Dridex banking trojan, this
week started using a Coronavirus hook with their emails aimed at the downloader
campaign targeting the U.S. healthcare, manufacturing, and pharmaceuticals
industries.

TA564 is
doing much the same against Canadian citizens using coronavirus emails to
target Canadian users by spoofing the Public Health Agency of Canada in an
attempt to deliver the banking trojan Ursnif.

Topics:

Coronavirus Email Security Malware Phishing

Source: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/threat-actors-play-on-peoples-desire-to-help-cure-coronavirus/

Generative Data Intelligence

Threat actors play on people’s desire to help cure Coronavirus

Topics:

Honda Launches 3 New Electric Cars … In China, For China – CleanTechnica

US Air Force says AI-controlled F-16 has fought humans

Latest Intelligence

Artificially: Learn to use Artificial Intelligence crowdfunding opportunity project pitch by Indiegogo

Lightning Kayaks AIR 9: Inflatable Pedal Board crowdfunding opportunity project pitch by Indiegogo

Quest 2 Accessory Prices Cut By More Than 50%

How the halving will impact the Bitcoin market

USA Pulls Mexico Into Its Anti-Chinese EVs Policies – CleanTechnica

Chinese scientists claim breakthrough in detecting F-22 stealth jets: F-22 stealth threatened? – Tech Startups

Chat with us