The World Health Organization (WHO) is among the premier sources of up-to-date and accurate information on COVID-19, so it is no surprise cybercriminals are leveraging this for their benefit.

Malwarebytes has found a new phishing campaign using the well-respected WHO name as a lure to trick people who are rightfully fearful of Coronavirus into downloading a fake e-book that carries an infostealer. The e-book, named My-Health, is advertised as containing information to protect children and businesses from the virus.

The body of the email (see below) is visually compelling but does contain clues that it is not legitimate. The typos include incorrectly hyphenating the name as Corona-virus, along with several odd uses of capital letters and some poor grammar.

The recipient is expected to download the fake e-book from the attached zip file. However, it only contains GuLoader, which upon being downloaded itself brings in the infostealing trojan FormBook.

“Formbook is one of the most popular info-stealers, thanks to its simplicity and its wide range of capabilities, including swiping content from the Windows clipboard, keylogging, and stealing browser data. Stolen data is sent back to a command and control server maintained by the threat actors,” Malwarebytes reported.

Researchers point out that with many millions of people now working from home, possibly using unsecure systems, any malware downloaded can easily end up inside their company’s network.