Growing interest in Covid-19 information leads unsuspecting victims into a trap
It’s been several months since many people began working from their homes due to travel restrictions, health concerns, and social distancing measures. The rise in people working at home presents an ideal opportunity for attackers to gain access to their home networks.
Attackers are now using spearphishing emails that misuse Covid-19 information to do so, most of which are spam. This form of contact can make it easier to mislead victims into downloading and possibly opening malicious documents.
Taking advantage of everyone’s interest in news related to Covid-19, attackers are finding ways to use sources of Covid-19 information as bait. Below is an example of an email containing a Microsoft Excel document with coronavirus (Covid-19) data in the U.S.
When a user enables macros, this malicious document downloads and executes an executable file.
This executable file allows attackers to gain access to the victim's computer.
This is just one example of attackers using the current situation in their favor. They are not limited to Word or Excel files; they also use other file types that can be spread through email.
Even with trusted sources, we should think twice before opening an attachment that contains Excel documents. This is especially true when the document requires the enabling of macros.
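One way to triage such attachments before anyone opens them is sketched below. It is an added example, not Avast's tooling: it flags email attachments that can carry VBA macros, and the sample message, file names and function names are constructed for illustration. A hit means the file is macro-capable, not that it is malicious.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc (OLE2) container

def macro_indicator(data):
    """Return a reason string if these bytes can carry VBA macros, else None."""
    if data.startswith(OLE_MAGIC):
        return "legacy OLE2 document (may embed macros; inspect further)"
    if data.startswith(b"PK"):  # OOXML files (.xlsx/.xlsm/.docm) are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                for name in z.namelist():
                    if name.lower().endswith("vbaproject.bin"):
                        return "OOXML with VBA project: " + name
        except zipfile.BadZipFile:
            return "malformed ZIP container"
    return None

def flag_attachments(raw_email):
    """Map attachment filename -> reason for every macro-capable attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        reason = macro_indicator(part.get_payload(decode=True) or b"")
        if reason:
            hits[part.get_filename()] = reason
    return hits

def _zip_bytes(members):
    """Build a ZIP in memory whose members hold placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in members:
            z.writestr(name, b"constructed placeholder")
    return buf.getvalue()

def build_sample():
    """Constructed message: one workbook with a VBA project part, one without."""
    m = EmailMessage()
    m["Subject"] = "Covid-19 data (constructed sample)"
    m.set_content("See attached.")
    m.add_attachment(_zip_bytes(["xl/workbook.xml", "xl/vbaProject.bin"]),
                     maintype="application", subtype="vnd.ms-excel", filename="us_cases.xlsm")
    m.add_attachment(_zip_bytes(["xl/workbook.xml"]),
                     maintype="application", subtype="vnd.ms-excel", filename="clean.xlsx")
    return m.as_bytes()

if __name__ == "__main__":
    for name, why in flag_attachments(build_sample()).items():
        print(name, "->", why)
```

The check reads the container contents rather than trusting the file extension, so a renamed attachment is still flagged.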
The best way to stay safe is to use common sense, use antivirus software and ignore attachments from untrusted sources.