March 2, 2021

TerabitWeb Blog

Fascinating Technology and Security Information

Threat actors play on people’s desire to help cure Coronavirus

2 min read

Original Post from SC Magazine
Author: Doug Olenick

Much like
the new cases of COVID-19 that occur daily, cybercriminals are constantly rolling
out new tactics, techniques and procedures based on the pandemic.

One of the newer attacks, first observed on March 7, uses a Coronavirus themed email to spread RedLine Stealer malware. This is described as a particularly well designed, written and developed malware, reported Proofpoint, that is delivered through an email’s URL. Additionally, it is being distributed as a malware as a service priced at $150 lite version, $200 pro version and $100 per month subscription option.

The social
engineering aspect of the attack is also highly developed. The subject line
asks the recipient, generally a U.S.-based healthcare or manufacturing industry,
to “Please help us with Fighting corona-virus”. They are supposedly from a
company called Mobility Research which claims it is part of the Folding@Thome project.
This name is an intentional misspelling of the legitimate Foldering@Home, a
public-resource computing firm – like the now shuttered SETI at Home project, that
might confuse people into opening the email.

The victim
is then directed to the malware bucket on Bitbucket and asked to install it, Proofpoint
said.

RedLine Stealer steals browser information such as login, autocomplete, passwords and credit cards. It also collects information about the user and their system such as the username, their location, hardware configuration, and installed security software. A recent update to RedLine Stealer also added the ability to steal cryptocurrency cold wallets.

But this is
not the only campaign being run.

The gang
TA505, which has pushed Locky ransomware and the Dridex banking trojan, this
week started using a Coronavirus hook with their emails aimed at the downloader
campaign targeting the U.S. healthcare, manufacturing, and pharmaceuticals
industries.

TA564 is
doing much the same against Canadian citizens using coronavirus emails to
target Canadian users by spoofing the Public Health Agency of Canada in an
attempt to deliver the banking trojan Ursnif.

The post Threat actors play on people’s desire to help cure Coronavirus appeared first on SC Media.


Go to Source
Author: Doug Olenick

Copyright © All rights reserved. | Newsphere by AF themes.