- Phishing actors were quick to adopt a theme that is currently on the news and enriched by online conspiracy theories.
- The actors are promising “insider information” on Trump’s health, but serve backdoors.
- The ultimate goal is to compromise entire networks and infect the systems with the Ryuk ransomware.
An ongoing phishing campaign shows how quickly malicious actors adopt themes that are currently hot in the news. More specifically, the emails distributed to potential victims claim to share insider information about President Trump’s condition after his partial recovery from the recent COVID-19 infection. The rumors circulating around the topic make it an even better lure, because they fuel some recipients’ curiosity.
So far, three subjects are used in the campaign, namely:
- Recent materials pertaining to the President’s illness
- Newest information about the President’s condition
- Newest info regarding the President’s illness
The teasing message features an embedded button that points to a Google Document link. Users who click the “Download” link hoping to read the document are instead served a BazarLoader executable. BazarLoader is a malware/backdoor originally created by the TrickBot group, so there could be a link to the notorious gang here.
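As an added example (not code from the article or from any vendor it cites), the following Python mail-filter logic triages an email against the two traits the article reports: one of the three known lure subjects, and a "Download" style button whose link leads to a Google Docs document. The two sample messages are constructed for the demonstration, the addresses use the reserved `example.invalid` domain, and the document id is a placeholder; the `assess` function and its reason strings are assumptions of this example, not part of any real product.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subject lines the article reports for the campaign, normalized to
# lower case with an ASCII apostrophe so typographic variants match too.
LURE_SUBJECTS = {
    "recent materials pertaining to the president's illness",
    "newest information about the president's condition",
    "newest info regarding the president's illness",
}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, accumulated anchor text] while inside <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def normalize(text):
    """Lower-case, collapse whitespace, and unify curly apostrophes."""
    return " ".join(text.lower().replace("\u2019", "'").split())


def extract_links(msg):
    """Return all anchor links found in the text/html parts of a message."""
    links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = LinkExtractor()
            parser.feed(part.get_content())
            links.extend(parser.links)
    return links


def assess(raw_message):
    """Return a list of reasons the message resembles the reported lure.

    An empty list means neither trait was observed.  Reason strings are
    this example's own convention (assumption), suitable for a mail
    gateway log or a SIEM field.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []
    if normalize(msg.get("Subject", "")) in LURE_SUBJECTS:
        reasons.append("subject matches known lure")
    for href, text in extract_links(msg):
        host = urlparse(href).netloc.lower()
        if host == "docs.google.com" or host.endswith(".docs.google.com"):
            reasons.append(f"Google Docs link behind button text {text!r}")
    return reasons


# Constructed sample: mimics the reported lure (placeholder document id).
LURE_EMAIL = """\
From: newsdesk@example.invalid
To: finance@example.invalid
Subject: Newest info regarding the President's illness
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Insider information as promised, see the attached material.</p>
<p><a href="https://docs.google.com/document/d/PLACEHOLDER_DOC_ID/edit">Download</a></p>
</body></html>
"""

# Constructed sample: an ordinary internal message that should not match.
BENIGN_EMAIL = """\
From: controller@example.invalid
To: finance@example.invalid
Subject: Q3 budget review
Content-Type: text/html; charset="utf-8"

<html><body>
<p>The draft is on the intranet:
<a href="https://intranet.example.invalid/finance/q3-draft">Q3 draft</a></p>
</body></html>
"""

if __name__ == "__main__":
    for label, sample in (("lure", LURE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, assess(sample))
```

A gateway rule built on this would quarantine or flag messages that hit both reasons, while a Google Docs link on its own is only worth logging, since legitimate business mail uses it constantly; the subject list is the higher-confidence signal and should be updated as the actors rotate themes.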
Victims of this campaign get the backdoor planted on their system, which opens a door for the attackers to access their files or use the machine to scan other computers on the same network. The ultimate goal of these attacks is to deploy the Ryuk ransomware, although that does not happen in every case. Obviously, the actors are aiming for corporate networks and firms that can be extorted for large sums, not home users.
Interestingly, the TrickBot group was recently associated with another malware campaign, which also exploited the topic of the 2020 Presidential elections in the United States. This tells us that these particular actors are actively targeting US-based firms right now and will swiftly jump to other topics, even on a day-by-day basis.
To stay safe from this type of risk, do not click on links and embedded buttons that arrive via email, do not trust unsolicited messages, and don’t believe anyone who promises to share information that would be extremely confidential. If any such information ever leaked publicly, you would hear about it through other channels, not from a stranger sending it to you via email.