A new phishing campaign aims to infect supporters of U.S. President Donald Trump with a dangerous banking trojan. The malware campaign was spotted by Area 1 Security on August 21st. The hackers behind it send unsuspecting victims emails that purport to come from legitimate Political Action Committees (PACs) but are in fact fake.
These emails refer to widely publicized political issues and events, and carry the subject lines “Fwd:” and “RE:”. Trump supporters targeted by this campaign who fall into the trap have their systems attacked by the Emotet trojan.
According to the security researchers, the hackers are using a legitimate PAC mailer, with completely authentic content throughout the body of the message, to create a false sense of legitimacy. Every link leads to malicious sites of counterfeit PACs. The Emotet downloader is contained in a Microsoft Word document attached to the malicious email.
Researchers say hackers are using the phishing campaign to draw media attention to the president's decision to temporarily suspend funding to the World Health Organization (WHO) pending the outcome of a formal inquiry into the organisation's response to the COVID-19 pandemic, which is affecting countries globally.
The researchers also pointed out that hackers present the Emotet delivery mechanism as a message about timely and well-publicized policy issues. An email sent to Trump supporters with the subject “Fwd: Breaking: President Trump suspends WHO funding” prompts recipients who agree with the funding suspension to click on a button labeled “Stand with Trump”. The hackers used a fake display name in an attempt to hide the sender's real address.
While the sender addresses used to spread the WHO-themed phishing emails vary, they were found to belong to legitimate accounts that had been compromised by the campaign's hackers. This tactic has allowed the hackers to successfully pass email authentication protocols such as DMARC. Using legitimate email addresses that have been compromised would also make it very difficult for victims to realize that they have been deceived by cybercriminals.
The researchers found that every wave detected in this phishing campaign used compromised email accounts of many small businesses around the world and lured victims with the same stolen PAC email content.
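The following triage sketch is an added example, not code from Area 1 Security or from the original article. It shows why a DMARC pass says nothing about a spoofed display name when the sending account is a compromised legitimate one. The sample message, the `.example` domains, the `KNOWN_SENDERS` allow-list and the finding names are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every name, domain and header value below is made up.
SAMPLE = """\
From: "Example Victory PAC" <billing@smallbiz.example>
Subject: Fwd: Breaking: President Trump suspends WHO funding
Authentication-Results: mx.mail.example; dmarc=pass header.from=smallbiz.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Stand with Trump
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="form.doc"

placeholder, not a real document
--b1--
"""

# Hypothetical allow-list: organisation display name -> domains it really sends from.
KNOWN_SENDERS = {"example victory pac": {"examplevictorypac.example"}}

def triage(raw, known=KNOWN_SENDERS):
    """Return heuristic findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    expected = known.get(name.strip().lower())
    if expected and domain not in expected:
        findings.append("display-name-mismatch")
        # DMARC only authenticates the From: domain, never the display name.
        if re.search(r"\bdmarc=pass\b", msg.get("Authentication-Results", ""), re.I):
            findings.append("dmarc-pass-on-unrelated-domain")
    # A real reply normally carries threading headers; a bare "RE:" subject does not.
    if re.match(r"\s*re:", msg.get("Subject", ""), re.I) and not (
            msg.get("In-Reply-To") or msg.get("References")):
        findings.append("re-subject-without-thread")
    if any((p.get_filename() or "").lower().endswith((".doc", ".docm", ".docx"))
           for p in msg.walk()):
        findings.append("word-attachment")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A forwarded message often has no threading headers even when genuine, so only the “RE:” case is checked against `In-Reply-To` and `References`.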