A new phishing campaign is luring unsuspecting victims with emails that claim to provide detailed information about the health of US President Donald Trump, who announced a few days ago that he was infected with COVID-19.
With the US elections approaching, people from different walks of life are following Trump's health closely for a variety of reasons. To take advantage of this, the hackers behind the BazarLoader trojan have launched a new phishing campaign that claims to provide confidential information about Trump's condition.
The new phishing campaign, spotted by researchers at the cyber security company ProofPoint, uses many different email subject lines. Some of them are the following:
- Recent material on the President's illness
- Recent information on the situation of the President
- Recent information on the President's illness
According to BleepingComputer, the spam emails claim to have new information about Trump's health, but ask unsuspecting victims to download a document using a link embedded in the message.
When a recipient clicks on the link, they are taken to a Google Doc stating that Google has scanned the file and that it is safe. The page then asks the visitor to download the document. When someone clicks on the download link, a BazarLoader executable is downloaded instead of a Word document.
BazarLoader is a backdoor trojan that appears to have been created by the TrickBot gang. Once installed, BazarLoader gives the hackers remote access to the victim's computer, which they use to compromise the rest of the network. These attacks eventually lead to the deployment of Ryuk ransomware in the victim's network, turning the compromise of a single computer into a corporate-wide attack.
BazarLoader is not the only malware exploiting the upcoming US elections and Trump. Last week, ProofPoint spotted emails purporting to come from the Democratic National Convention (DNC) that infect recipients with the Emotet trojan.
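The following is an added example, not part of the original article or anything published by ProofPoint: a defender-side check for the switch described above, where a download promised as a document is in fact a Windows executable. The function names, the `promised` label and the sample bytes are constructed for illustration.

```python
import struct

# Leading bytes of the formats a "Word document" link should resolve to.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container
ZIP_MAGIC = b"PK\x03\x04"                        # .docx is a ZIP archive


def sniff_type(data: bytes) -> str:
    """Classify a download by its content, ignoring file name and MIME type."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-document"
    if data.startswith(ZIP_MAGIC):
        return "zip-container"
    # Windows executable: 'MZ' DOS header whose e_lfanew field (offset 0x3C)
    # points at a 'PE\0\0' signature further into the file.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_offset:pe_offset + 4] == b"PE\x00\x00":
            return "pe-executable"
    return "unknown"


def lure_mismatch(promised: str, data: bytes) -> bool:
    """True when a download promised as a document is really a PE file."""
    return promised == "document" and sniff_type(data) == "pe-executable"


def make_constructed_pe() -> bytes:
    """Constructed sample: bare DOS header plus PE signature, not malware."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> end of header
    return bytes(header) + b"PE\x00\x00" + bytes(20)


if __name__ == "__main__":
    # Constructed inputs standing in for files fetched from an email link.
    samples = {
        "legacy .doc": OLE2_MAGIC + bytes(32),
        ".docx": ZIP_MAGIC + bytes(32),
        "executable": make_constructed_pe(),
    }
    for label, blob in samples.items():
        print(label, sniff_type(blob), lure_mismatch("document", blob))
```

A mail or web gateway that records what a link claimed to deliver can run the same comparison on the fetched bytes and quarantine on a mismatch.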