Cybercriminals Exploit Black Lives Matter Campaign to Distribute Malware via Email Amid Social Unrest
Threat actors are now exploiting the Black Lives Matter campaign to distribute malware via email. The messages lure users into opening an attached Microsoft Word file to “leave a review confidentially about Black Lives Matter.” The phishing emails carry the subject line “Vote anonymous about ‘Black Lives Matter.’”
Once a user opens the attached file, it initiates the installation of the TrickBot trojan. TrickBot began in 2016 as a banking trojan targeting the Windows operating system to harvest emails and credentials and steal banking information. However, the malware has since evolved to perform other malicious tasks, such as stealing cookies, OpenSSH keys, and Active Directory Services databases, among other things.
“From what I see, the spam campaign was pretty big, apparently hitting U.S. mailboxes. Historically, TrickBot is an e-banking trojan. However, these days TrickBot is heavily used by various threat actors to install additional malware on the victim’s computer. In corporate networks, this usually leads to Ransomware such as Ryuk.”
Cyber Attacks Rise Amid Social Unrest
Cyber attacks rise during periods of social unrest around the globe connected to public health crises, natural disasters, and terror attacks, among others. The global uncertainty caused by the COVID-19 epidemic has resulted in a surging number of malicious campaigns circulating on the Internet, according to a recent report from PwC. The campaigns began in late January, with threat actors posing as a trusted organization such as a bank or a merchant, and had rocketed by the middle of March.
The most popular criminal schemes include business email compromise scams, with cybercriminals attempting to obtain sensitive information or funds, as well as credentials, to further compromise companies’ information systems. Often, bad actors disguise phishing emails as government announcements. The report explains:
“Emails include links to items of interest, such as ‘updated cases of the coronavirus near you.’ Landing pages for these false links may look legitimate, but the sites are often malicious and may be designed to steal email credentials.”
This spring, cybersecurity firm Kaspersky Lab alone identified 403 users of its security products who were attacked with around 500 coronavirus-related files.
In late May, Minneapolis police were hit with a DDoS attack amid protests over the police killing of George Floyd earlier that week. The hackers attacked the PD’s website and promised to expose a history of crimes committed by the officers.