A new phishing campaign has been discovered that will install a backdoor on the victim’s computer. The phishing campaign is utilizing President Trump’s recent contraction of the Corona Virus. With the presidential election just weeks away, people on both sides of the election have become obsessed with President Trump’s health due to the Corona Virus.
The phishing email which has been spotted by cybersescurity firm ProofPoint, is using a slew of different email subjects which include:
- Recent materials pertaining to the president’s illness
- Newest information about the president’s condition
- Newest info pertaining to President’s illness
The emails claim to have insider information on the president’s health, requiring the user to download a document using an embedded link. Once the link is clicked, the victim is brought to a Google Doc claiming that Google has scanned the file and is safe, prompting the user to download the document. Instead of downloading the doc, a BazarLoader executable will be downloaded instead.
A BazarLoader is a backdoor created by the TrickBot gang. This backdoor allows attackers to remotely access the computer which will be used to compromise the network. Generally this leads to the installation or the Ryuk ransomware. Ryuk is a form of ransomware that targets enterprise environments.
https://www.bleepingcomputer.com/news/security/phishing-emails-lure-victims-with-inside-info-on-trumps-health/
Leave a Reply
You must be logged in to post a comment.