Enquire Now

SBA And CDC Phishing Emails Can Carry Malware

According to Microsoft, its machine learning threat detection models have helped its research teams uncover multiple mal-spam campaigns. These campaigns have been tied together by the common theme of incorporating poisoned disk image files used as attachments. Each campaign has been aimed at a different target population, but all use some variant of COVID-19 in their subject lines, and all feature either ISO or IMG file attachments.

In all cases, the image files contain a version of the Remcos Remote Access Trojan (RAT) which allows the attackers to gain complete control over any machine their malware infects.

Microsoft identified three separate campaigns including:

  • One that specifically targeted US accountants and accounting firms with emails claiming to contain “COVID-19-Related Updates” for members of the American Institute of CPA’s.
  • Another targeting manufacturing concerns based in South Korea, with email subject lines and interior graphics painting them as being from the CDC’s Health Alert Network (HAN).
  • Yet another that specifically targeted small business in the US. These emails were crafted to appear to be from the Small Business Administration (SBA) and promised detailed information on how to get pandemic-related disaster loans.

Tanmay Ganacharya is the Director of Security Research in Microsoft’s Threat Protection division.

Tanmay had this to say about the recent discovery:

The main thing that we really wanted to call out, and why it caught our attention, is because of the COVID-19 lures and also because of the slightly different techniques we found and the type of attachments they are sending. They’re using ISO files, which is not super common. It’s not like this is the first time we have ever seen it, but it is also not like extremely common for attackers to do this.”

It goes without saying that if you, or one of your employees, gets an email like any of those described above, don’t run the attached files, and stay on your guard. We’re almost certain to see many more attacks like these before the crisis is behind us.

Used with permission from Article Aggregator

Share this post
Facebook
Twitter
LinkedIn
WhatsApp

Get in Touch With Our Team

Book a meeting
Submit Enquiry

Contact Us

Facebook Linkedin Youtube

What We Do

Industries

Subscribe to Weekly Tech Tips

We acknowledge the Traditional Owners of Country throughout Australia and the Bunurong people, who are the Traditional Owners of the land where we work. We pay respect to Elders past, present and emerging, recognising their continued connection to Country.

© Copyright 2024 Virtual IT Managed Services Pty Ltd. All Rights Reserved.

Acceptable Usage Policy

Privacy Policy

Terms & Conditions

Contact Us
Facebook Linkedin Youtube
Navigation
Company
  • Press Release
  • Terms of Use
  • Privacy Policy
  • Affiliate
Subscribe to Newsletter

Lorem ipsum dolor sit amet, consectetur adipiscing elit.