A post from Symantec describes three malware operations and a phishing campaign that use the Ebola virus as a social engineering theme.
Symantec sheds light on the three different methods via which the cybercriminals are getting people to install viruses on their devices. These viruses can assist in stealing sensitive data and passwords.
Cybercriminals send out an email that has a phony report on Ebola attached to it. The fake report is aimed at luring victims, and downloading the attachment will result in the computer getting infected with the Trojan.Zbot malware.
This also involves sending out an email to the victims. However, this email imitates a telecom provider in the UAE – Etisalat – and also has a supposed “high-level presentation” pertaining to the Ebola virus attached as a zip file. Opening the file entitled “EBOLA – ETISALAT PRESENTATION.pdf.zip” will result in the computer being infected by Trojan.Blueso.
This malware infects a user’s Web browser with W32.Spyrat. Once infected, the hacker can delete files and folders on the victim’s computer, log keystrokes, download/upload files, open Web pages, record from the webcam, capture screenshots and even get details on the installed apps, the computer and OS.
This one is quite sneaky and it builds on the news that the experimental ZMapp drug can cure Ebola. In a bid to lure the victims, the attackers email them claiming that “Ebola virus has been cured” and “the news should be shared widely.” This email, too, is accompanied by an attachment, namely the malware Backdoor.Breut.
The attackers are even using renowned publication CNN’s name to make the emails seem authentic. This ploy adapts a brief story line and includes supposedly authentic links to an “untold story” which the user needs to click. The email also claims to provide a list of the “targets” areas and tips on guarding against the disease.
If the user clicks on the links given in the email, he/she is directed to a page where they need to select an email provider. This Web page has been created by the hackers, and keying in your email details and password will result in the information being sent to the attackers. After this, the victim is redirected to the authentic CNN home page.
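The attachment name quoted above, “EBOLA – ETISALAT PRESENTATION.pdf.zip”, puts a document extension in front of the real archive extension. The following is an added example, not code from Symantec or the article, of a mail-filter check that flags such names; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists: extensions a lure pretends to be, and what it really is.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg"}
CARRIER_EXTS = {"zip", "rar", "7z", "exe", "scr", "com", "pif", "js", "vbs"}


def is_deceptive(filename: str) -> bool:
    """True when a document-looking extension is followed by a carrier one."""
    # Strip padding around each piece so "report.pdf   .scr" is still caught.
    parts = [p.strip().lower() for p in filename.split(".")]
    return len(parts) >= 3 and parts[-2] in DECOY_EXTS and parts[-1] in CARRIER_EXTS


def deceptive_attachments(raw_message: bytes) -> list:
    """Return the names of all attachments in a raw message that look deceptive."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():  # walk() also reaches nested multipart containers
        name = part.get_filename()  # decodes RFC 2231 / non-ASCII names
        if name and is_deceptive(name):
            flagged.append(name)
    return flagged


def build_sample() -> bytes:
    """Constructed test message; the attachment bytes are harmless placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "Ebola presentation"
    m.set_content("Please see the attached presentation.")
    m.add_attachment(b"placeholder", maintype="application", subtype="zip",
                     filename="EBOLA – ETISALAT PRESENTATION.pdf.zip")
    m.add_attachment(b"placeholder", maintype="application", subtype="pdf",
                     filename="newsletter.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for name in deceptive_attachments(build_sample()):
        print("flag for review:", name)
```

A name match is only a triage signal; archive contents still need scanning before delivery.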
Source: Tech Times