Cybercriminals Exploit Black Lives Matter Campaign to Distribute Malware via Email Amid Social Unrest
Threat actors are now exploiting the Black Lives Matter campaign to distribute malware via email, luring users to open an attached Microsoft Word file to “leave a review confidentially about Black Lives Matter.” The phishing emails carry the subject line “Vote anonymous about ‘Black Lives Matter.’”
Once a user opens the attached file, it initiates the installation of the TrickBot trojan. TrickBot began in 2016 as a banking trojan targeting the Windows operating system to harvest emails and credentials and steal banking information. However, the malware has evolved to perform other malicious tasks such as stealing cookies, OpenSSH keys, and Active Directory Services databases, among other things.
“From what I see is that the spam campaign was pretty big, apparently hitting U.S. mailboxes. Historically, TrickBot is an e-banking trojan. However, these days TrickBot is heavily used by various threat actors to install additional malware on the victim’s computer. In corporate networks, this usually leads to Ransomware such as Ryuk.”
Cyber Attacks Rise Amid Social Unrest
Cyber attacks rise amid social unrest around the globe connected to public health crises, natural disasters, and terror attacks, among others. Thus, global uncertainty caused by the COVID-19 epidemic has resulted in a surging number of malicious campaigns circulating on the Internet, according to a recent report from PwC. The campaigns began in late January, with threat actors posing as a trusted organization like a bank or a merchant, and rocketed by the middle of March.
The most popular criminal schemes include business email compromise scams, with cybercriminals attempting to obtain sensitive information or funds, as well as credentials, to further compromise companies’ information systems. Often, bad actors disguise phishing emails as government announcements. The report explains:
“Emails include links to items of interest, such as ‘updated cases of the coronavirus near you.’ Landing pages for these false links may look legitimate, but the sites are often malicious and may be designed to steal email credentials.”
This spring, cybersecurity firm Kaspersky Lab alone identified 403 users of its security products who were attacked with around 500 coronavirus-related files.
In late May, Minneapolis police were hit with a DDoS attack amid protests over the police killing of George Floyd earlier that week. The hackers attacked the PD’s website and promised to expose a history of crimes committed by the officers.