Friday, January 22, 02:22

Phishing campaign calls for witnesses to stand trial!

Recently, Cofense security researchers discovered a new hacking campaign targeting employees of insurance companies and the retail industry. The hackers send phishing emails to employees, claiming to come from the Ministry of Justice. In fact, they infect the victim's computer with malware designed to steal information.

Researchers say the phishing emails have a "Court" theme and bear the logo of the United Kingdom Department of Justice. The emails state that the recipient must attend court as a witness (subpoena) and ask the recipient to open a link to see more details, as the court orders the matter to be resolved within 14 days. However, they give no specific information about the subject of the judicial proceedings.

Opening the link leads to a cloud hosting provider, which in turn leads the user to a document containing "Predator the Thief", a malware commonly found in underground hacking forums.

Predator the Thief is malware that enables the theft of usernames, passwords, browser data and the contents of cryptocurrency wallets. It can also take pictures using a webcam. Predator the Thief first appeared in July 2018.

The hackers have taken care to hide the malicious intent of the phishing emails from security software. The email contains a link to Google Docs, which automatically redirects the user to Microsoft OneDrive, which in turn delivers a Microsoft Word document to the victim. The document asks the victim to enable macros. If the user complies, the malware is downloaded via PowerShell.
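The final step of this chain, Word launching PowerShell once macros are enabled, is visible in process-creation telemetry even when the links themselves point at trusted cloud services. The following detection sketch is an added example, not part of the original article or the Cofense research; the event fields (`pid`, `ppid`, `image`) and the sample events are constructed for illustration.

```python
from ntpath import basename  # parses Windows paths on any platform

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation events; not taken from the campaign.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 210, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 320, "ppid": 210, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 430, "ppid": 320,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # PowerShell started from the desktop shell: expected, must not alert.
    {"pid": 540, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def name(event):
    return basename(event["image"]).lower()

def office_ancestor(event, by_pid):
    """Return process names from an Office ancestor down to event, else None."""
    chain, seen = [name(event)], {event["pid"]}
    cur = by_pid.get(event["ppid"])
    while cur is not None and cur["pid"] not in seen:  # guard against pid loops
        seen.add(cur["pid"])
        chain.append(name(cur))
        if name(cur) in OFFICE:
            return list(reversed(chain))
        cur = by_pid.get(cur["ppid"])
    return None

def find_office_spawned_powershell(events):
    """Flag PowerShell whose ancestry includes an Office application,
    including indirect launches through an intermediate process."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if name(e) in SCRIPT_HOSTS:
            chain = office_ancestor(e, by_pid)
            if chain:
                alerts.append({"pid": e["pid"], "chain": chain})
    return alerts

if __name__ == "__main__":
    for alert in find_office_spawned_powershell(EVENTS):
        print(alert["pid"], " -> ".join(alert["chain"]))
```

Walking the full ancestry rather than only the direct parent catches the case where the macro starts an intermediate process before PowerShell. On real telemetry, process IDs are reused over time, so events should be correlated within a bounded time window.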

Next, Predator the Thief connects to a command-and-control server and provides the hacker with a gateway to the infected system, so the attackers can steal data covertly. After gathering all the data the hackers want, the malware self-destructs, leaving no trace.

Like most phishing attacks, the hackers have used a serious matter (a court case) to pressure victims into opening the malicious link. However, there is an indication that something is wrong.

The phishing email mentions the word "subpoena". This term is commonly used in the United States. The email is supposed to come from the UK Department of Justice. The English judiciary, however, has not used the term "subpoena" since 1999. Since then, only the term "witness summons" has been used.

This shows that the perpetrators are trying to deceive users by using British logos, but in reality they are not familiar with the country's judicial system.

Users have to be very careful about enabling macros and stay constantly updated about the risks and threats in cyberspace, in order to be suspicious and to recognize suspicious activity.


Absent Mia