Friday, July 10, 10:37

Phishing campaign calls for witnesses to stand trial!

Cofense security researchers recently discovered a new hacking campaign targeting employees of insurance companies and retail industries. The hackers send phishing emails to employees, claiming to come from the Ministry of Justice. In reality, the emails infect the victim's computer with malware designed to steal information.

Researchers say the phishing emails have a "Court" theme and bear the logo of the United Kingdom Department of Justice. The emails state that the recipient must attend court as a witness (subpoena) and ask the recipient to open a link to see more details, as the court orders the matter to be resolved within 14 days. However, they give no specific information on the subject of the judicial proceedings.

Opening the link leads to a cloud hosting provider, which in turn leads the user to a document containing "Predator the Thief", a malware commonly found on underground hacking forums.

Predator the Thief is malware that enables the theft of usernames, passwords, browser data and the contents of cryptocurrency wallets. It can also take pictures using a webcam. Predator the Thief first appeared in July 2018.

The hackers have taken care to hide the malicious intent of the phishing emails from security software. The email contains a link to Google Docs, which automatically redirects the user to Microsoft OneDrive, which in turn delivers a Microsoft Word document to the victim. The document asks the victim to enable macros. If the user complies, the malware is downloaded via PowerShell.
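The last step of this chain, a Word macro launching PowerShell, is visible in process-creation logs. The following added example (not from Cofense or the original article) flags PowerShell processes that descend from an Office application, including through an intermediate process; the events are constructed, and the Sysmon Event ID 1 field names are an assumption about the log source.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation events, shaped like Sysmon Event ID 1 records.
EVENTS = [
    {"ProcessGuid": "A1", "ParentProcessGuid": "A0",
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessGuid": "A2", "ParentProcessGuid": "A1",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'WINWORD.EXE /n "C:\Users\u\Downloads\constructed.doc"'},
    {"ProcessGuid": "A3", "ParentProcessGuid": "A2",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c <constructed placeholder>"},
    {"ProcessGuid": "A4", "ParentProcessGuid": "A3",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe <constructed placeholder>"},
    # Benign: PowerShell started from Explorer, no Office ancestor.
    {"ProcessGuid": "B1", "ParentProcessGuid": "A1",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-ChildItem"},
]

def exe_name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()

def office_ancestor(event, by_guid, max_depth=8):
    """Walk up the parent chain; return the first Office process found, else None."""
    seen = set()
    guid = event["ParentProcessGuid"]
    while guid in by_guid and guid not in seen and len(seen) < max_depth:
        seen.add(guid)  # guards against loops in malformed data
        parent = by_guid[guid]
        if exe_name(parent["Image"]) in OFFICE:
            return parent
        guid = parent["ParentProcessGuid"]
    return None

def find_office_powershell(events):
    """Return (powershell_guid, office_guid) for each PowerShell with an Office ancestor."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for e in events:
        office = office_ancestor(e, by_guid) if exe_name(e["Image"]) in POWERSHELL else None
        if office:
            hits.append((e["ProcessGuid"], office["ProcessGuid"]))
    return hits

if __name__ == "__main__":
    for ps, office in find_office_powershell(EVENTS):
        print(f"ALERT: PowerShell {ps} descends from Office process {office}")
```

Walking the ancestry rather than checking only the direct parent catches the case where the macro starts an intermediate process such as `cmd.exe` first.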

Next, Predator the Thief connects to a command-and-control server and gives the hacker a gateway to the infected system, so attackers can steal data secretly. After gathering all the data the hackers want, the malware self-destructs, leaving no trace.

Like most phishing attacks, the hackers have used a serious issue (a court case) to pressure victims into opening the malicious link. However, there is an indication that something is wrong.

The phishing email mentions the word "subpoena". This term is commonly used in the United States. The email is supposed to come from the UK Department of Justice. The English court system, however, has not used the term "subpoena" since 1999. Since then, only the term "witness summons" has been used.

This shows that the perpetrators are trying to deceive users with British logos but in reality are not familiar with the country's judicial system.

Users have to be very careful about enabling macros and stay constantly informed about the risks and threats in cyberspace, so that they remain suspicious and can recognize suspicious activity.



Absent Mia