SBA And CDC Phishing Emails Can Carry Malware


According to Microsoft, its machine learning threat detection models have helped its research teams uncover multiple mal-spam campaigns. The campaigns are tied together by a common technique: malicious disk image files sent as email attachments. Each campaign has been aimed at a different target population, but all use some variant of COVID-19 in their subject lines, and all feature either ISO or IMG file attachments.

In all cases, the image files contain a version of the Remcos Remote Access Trojan (RAT) which allows the attackers to gain complete control over any machine their malware infects.

Microsoft identified three separate campaigns including:

  • One that specifically targeted US accountants and accounting firms with emails claiming to contain “COVID-19-Related Updates” for members of the American Institute of CPAs.
  • Another targeting manufacturing concerns based in South Korea, with email subject lines and interior graphics painting them as being from the CDC’s Health Alert Network (HAN).
  • Yet another that specifically targeted small businesses in the US. These emails were crafted to appear to be from the Small Business Administration (SBA) and promised detailed information on how to get pandemic-related disaster loans.

Tanmay Ganacharya is the Director of Security Research in Microsoft’s Threat Protection division.

Tanmay had this to say about the recent discovery:

“The main thing that we really wanted to call out, and why it caught our attention, is because of the COVID-19 lures and also because of the slightly different techniques we found and the type of attachments they are sending. They’re using ISO files, which is not super common. It’s not like this is the first time we have ever seen it, but it is also not like extremely common for attackers to do this.”

It goes without saying that if you, or one of your employees, gets an email like any of those described above, don’t run the attached files, and stay on your guard. We’re almost certain to see many more attacks like these before the crisis is behind us.
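For mail administrators, the two traits these campaigns share (a COVID-19 subject line and an ISO or IMG attachment) can be checked at the gateway. The sketch below is an added example, not code from Microsoft or from this article; the function names, the keyword list and the hold-every-disk-image policy are assumptions, and the sample messages are constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage

DISK_IMAGE_EXTS = (".iso", ".img")             # attachment types named in the article
LURE = re.compile(r"covid|coronavirus", re.I)  # assumed keyword list for the subject lure
ISO9660_MAGIC_AT = 0x8001                      # "CD001" sits in the descriptor at sector 16


def is_iso9660(payload: bytes) -> bool:
    """True when the bytes carry an ISO 9660 volume descriptor, whatever the filename."""
    return payload[ISO9660_MAGIC_AT:ISO9660_MAGIC_AT + 5] == b"CD001"


def triage(raw: bytes) -> dict:
    """Parse one message and report disk image attachments and a lure subject."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    hits = []
    for part in msg.walk():                    # walk() also reaches nested multiparts
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        by_ext = name.lower().endswith(DISK_IMAGE_EXTS)
        by_magic = is_iso9660(payload)         # catches a renamed ISO
        if by_ext or by_magic:
            hits.append({"filename": name, "by_ext": by_ext, "by_magic": by_magic})
    lure = bool(LURE.search(subject))
    return {
        "subject": subject,
        "covid_lure": lure,
        "disk_images": hits,
        # Assumed policy: hold every disk image; raise priority when the lure matches too.
        "verdict": "quarantine" if hits else "deliver",
        "priority": "high" if hits and lure else "normal",
    }


def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; addresses use the reserved .test domain."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.test", "user@example.test", subject
    m.set_content("Please see the attached document.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()


# Constructed payload: zero padding plus a minimal ISO 9660 descriptor header.
FAKE_ISO = b"\x00" * 0x8000 + b"\x01CD001\x01" + b"\x00" * 64

if __name__ == "__main__":
    print(triage(build_sample("COVID-19-Related Updates", "update.iso", FAKE_ISO)))
```

IMG files are raw images with no single signature, so they are matched by extension only; the content check covers ISO 9660 files that have been renamed.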

Used with permission from Article Aggregator


