Tuesday, October 27, 16:48

New phishing campaign "infects" Trump supporters with trojans!

A new phishing campaign aims to infect supporters of US President Donald Trump with a dangerous banking trojan. The malware campaign was spotted by Area 1 Security on August 21st. The hackers behind it send unsuspecting victims emails that purport to come from legitimate Political Action Committees (PACs) but are in fact fake.

These emails refer to widely publicized political issues and events, and carry "Fwd:" and "RE:" in their subject lines. Trump supporters targeted by this campaign who fall into the trap have their systems infected with the Emotet trojan.


According to the security researchers, the hackers reuse a legitimate PAC mailing to create a false sense of legitimacy, with completely authentic content throughout the body of the message. Every link leads to malicious sites of counterfeit PACs. The Emotet downloader is contained in a Microsoft Word document attached to the malicious email.

Researchers say hackers are using the phishing campaign to capitalize on media attention to the president's decision to temporarily suspend funding to the World Health Organization (WHO) pending the outcome of a formal inquiry into the organisation's response to the COVID-19 pandemic, which is affecting countries globally.

The researchers also pointed out that hackers present the Emotet delivery mechanism as a message about timely and well-publicized policy issues. An email sent to Trump supporters with the subject "Fwd: Breaking: President Trump suspends WHO funding" prompts recipients who agreed with the funding suspension to click on a button labeled "Stand with Trump". The hackers used a fake display name in an attempt to hide the real address of the sender.


While the sender addresses used to spread the phishing emails about the WHO vary, each was found to come from a legitimate account that had been compromised by the campaign's hackers. This tactic has allowed the hackers to successfully pass email authentication protocols, such as DMARC. Using legitimate email addresses that have been compromised also makes it very difficult for victims to realize that they have been deceived by cybercriminals.

The researchers found that every wave detected in this phishing campaign used compromised email accounts of many small businesses around the world, luring victims with the same stolen PAC email content.
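Detection logic for the pattern described above, as an added example that is not from the article or from Area 1 Security: it flags a message whose display name claims a known organization while the authenticated sender domain belongs to someone else, notes that a DMARC pass does not clear that mismatch, and reports Word attachments. The organization name, all domains and the sample message are constructed placeholders.

```python
import email
import re
from email.utils import parseaddr

# Assumption: a locally maintained map of organization name -> domains it really sends from.
KNOWN_SENDERS = {"example pac": {"examplepac.example"}}
WORD_TYPES = {"application/msword",
              "application/vnd.openxmlformats-officedocument.wordprocessingml.document"}

# Constructed sample: fake display name on a compromised small-business mailbox.
SAMPLE = """\
From: "Example PAC" <billing@smallbiz.example>
Subject: Fwd: Breaking: President Trump suspends WHO funding
Authentication-Results: mx.mail.example; spf=pass; dkim=pass; dmarc=pass header.from=smallbiz.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Stand with Trump
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="form.doc"

AAAA
--b1--
"""

def triage(raw: str) -> list[str]:
    """Return the findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for org, domains in KNOWN_SENDERS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if org in display.lower() and not owned:
            findings.append(f"display name claims '{org}' but sender domain is {domain}")
    # dmarc=pass only proves the mail really came from the From domain, which is
    # exactly what a compromised legitimate mailbox provides.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    if findings and re.search(r"\bdmarc=pass\b", auth, re.I):
        findings.append("dmarc=pass does not clear the display-name mismatch")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() in WORD_TYPES or name.endswith((".doc", ".docm", ".docx")):
            findings.append(f"Word attachment: {name or part.get_content_type()}")
    return findings
```
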

