No, your company’s vehicle wasn’t involved in a car crash, and you’re not getting a five-figure fine for it from the government – it’s all an elaborate scheme to get you to install information-stealing malware on your computer, experts have warned.
Cybersecurity researchers from the Cofense Intelligence Team recently published a new blog in which they detailed a new phishing campaign that reaches its targets “at an alarming rate”.
In this campaign, the attackers are deploying a creative lure, and pairing it with multiple cloak-and-dagger methods to bypass email protection solutions. Furthermore, they are impersonating the Federal Bureau of Transportation to scare the victims into downloading and running the attachment.
Open redirects and impersonation
In the campaign, the unnamed attackers tell their victims that a company car was involved in an accident. The victims are mostly in the Oil and Gas sector, although Cofense isn’t sure exactly why. They speculate that the attackers could pivot to other industries rather fast, and will probably do that soon.
The phishing email comes with an embedded link that abuses open redirects, a vulnerability that allows an attacker to use a legitimate website as a stepping stone towards the malicious one. In this campaign, Google Maps and Google Images are being leveraged. The embedded link then redirects to a URL shortener, which then opens a site that hosts a PDF file.
This file is seemingly from the Federal Bureau of Transportation, and mentions a possible fine of $30,000 for the incident. It also comes with a clickable image, which triggers the download of a .ZIP file which hosts the Rhadamanthys Stealer. As soon as the file is run, it establishes a connection to the command and control (C2) server, and grabs the victim’s login credentials, cryptocurrency wallet data, and other sensitive files.
As usual, the best way to defend against these attacks is to use common sense and think twice before downloading and running email attachments.
+ There are no comments
Add yours