Cybercriminals Exploit Black Lives Matter Campaign to Distribute Malware via Email Amid Social Unrest


Threat actors are now exploiting the Black Lives Matter campaign to distribute malware via email. The messages lure users into opening an attached Microsoft Word file to “leave a review confidentially about Black Lives Matter.” The phishing emails’ subject line reads “Vote anonymous about ‘Black Lives Matter.’”

Once a user opens the attached file, it initiates the installation of the TrickBot trojan. TrickBot began in 2016 as a banking trojan targeting the Windows operating system to harvest emails and credentials and to steal banking information. However, the malware has since evolved to perform other malicious tasks, such as stealing cookies, OpenSSH keys, and Active Directory Services databases, among other things.

A spokesperson for a cybersecurity non-profit, who discovered the attack on June 10, told Forbes:

“From what I see is that the spam campaign was pretty big, apparently hitting U.S. mailboxes. Historically, TrickBot is an e-banking trojan. However, these days TrickBot is heavily used by various threat actors to install additional malware on the victim’s computer. In corporate networks, this usually leads to Ransomware such as Ryuk.”

Cyber Attacks Rise Amid Social Unrest

Cyber attacks rise amid social unrest around the globe connected to public health crises, natural disasters, and terror attacks, among others. The global uncertainty caused by the COVID-19 epidemic has accordingly resulted in a surging number of malicious campaigns circulating on the Internet, according to a recent report from PwC. The campaigns began in late January, with threat actors posing as a trusted organization such as a bank or a merchant, and rocketed by the middle of March.

The most popular criminal schemes include business email compromise scams, with cybercriminals attempting to obtain sensitive information or funds, as well as credentials, to further compromise companies’ information systems. Often, bad actors disguise phishing emails as government announcements. The report explains:

“Emails include links to items of interest, such as ‘updated cases of the coronavirus near you.’ Landing pages for these false links may look legitimate, but the sites are often malicious and may be designed to steal email credentials.”

This spring, cybersecurity firm Kaspersky Lab alone identified 403 users of its security products who were attacked with around 500 coronavirus-related files.

In late May, Minneapolis police were hit with a DDoS attack amid protests over the police killing of George Floyd earlier that week. The hackers attacked the PD’s website and promised to expose a history of crimes committed by the officers.
