Amid COVID-19 Crisis, Hackers Use CV-Themed Email Campaigns To Drop Banking Trojans
As people try to cope with the coronavirus and the worldwide lockdown, many have been laid off or had their pay cut, and daily-wage workers have been forced to stay at home, all of which has affected the economy dramatically.
Recently, experts found that coronavirus campaigns caused a surge in malware threats in the last three months.
According to a CNN report, more than forty million Americans filed for unemployment benefits for the first time. Because of the higher unemployment rate, people are more often falling for scams and tricks used by cyber-criminals. Such spam offers users relief packages, the latest coronavirus updates, job offers or medical updates.
In a recently reported campaign, hackers are using CV-themed spam emails to drop banking Trojans and info-stealers.
CV-themed spam emails to drop banking Trojans and info-stealers
The CV-themed campaigns in the US recorded a surge in the last two months. Surprisingly, 1 out of 450 spam emails sent out was found to be a CV-themed scam.
Check Point recently said it had discovered a malicious dropper within the CV-related scams. The spam campaign spreads the Zloader malware, an infamous banking Trojan used to steal bank account credentials.
Zloader is a variant of the Zeus Trojan that mainly targets customers of banking and financial organizations.
CV Theme Email Campaigns
The emails carry subjects such as “applying for a job” or “regarding job” and appear to be sent by individuals seeking work during the coronavirus crisis. The CV may arrive as an attached “.xls” file.
When the employer or other target opens the attachment, they are asked to “enable content”. Once they do, the macro-enabled document starts running and finally downloads the malware payloads. The infected system can then be used to carry out malicious tasks, such as stealing credentials to make fraudulent transactions.
The UK and Romania are among the many countries receiving such emails. The phishing email is titled “CV from China” and carries an ISO file named “CV.iso”.
When the user opens the email, it drops a malicious executable, “CV.exe”. When that program executes, it installs info-stealer malware on the target device.
Hackers Use Medical Leave Forms To Drop Icedid & Trickbot Malware
Along with the CVs used as vectors to drop malware, security experts also found another phishing campaign. The spam uses “Medical Leave forms” to spread the “Icedid” malware, another banking Trojan that steals the financial data of target users.
The malicious attachment is a document named “COVID -19 FLMA CENTER.doc”. The emails carry the subject “The following is a new Employee Request Form for leave within the Family and Medical Leave Act (FMLA)”.
The emails were sent from a different domain, “medical-center.space”, which tricks users into opening the attachment to learn more about it.
Similarly, the FMLA theme is also used to deliver Trickbot, a banking Trojan. The malware has been active for years and is constantly updated and customized, which is why it serves multiple purposes. In this campaign, the emails were again sent from a different domain, “covid-agency.space”.
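The lures described in the two sections above (job-themed subjects with “.xls” or “.iso” attachments, and FMLA forms sent from the two “.space” domains) can be screened for when mail is received. The following Python is an added example, not code from the article or from the researchers it cites; the `triage` and `build_sample` names, the reason labels and all sample messages are constructed for illustration.

```python
import email, re
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .xls/.doc container; can hold VBA macros
ISO_OFFSET, ISO_MAGIC = 0x8001, b"CD001"        # ISO 9660 volume descriptor signature
LURE_SUBJECT = re.compile(r"\b(cv|job|fmla|medical leave)\b", re.I)  # themes from the article
LURE_DOMAINS = {"medical-center.space", "covid-agency.space"}        # domains from the article

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches the lures described above."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    if LURE_SUBJECT.search(msg["Subject"] or ""):
        reasons.append("lure-subject")
    sender = msg["From"]
    if sender and any(a.domain.lower() in LURE_DOMAINS for a in sender.addresses):
        reasons.append("reported-sender-domain")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Identify the container by content: the file name alone can lie.
        if data.startswith(OLE2_MAGIC):
            reasons.append(f"ole2-office-attachment:{name}")
        if data[ISO_OFFSET:ISO_OFFSET + 5] == ISO_MAGIC or name.endswith(".iso"):
            reasons.append(f"disk-image-attachment:{name}")
    return reasons

def build_sample(sender: str, subject: str, filename: str, payload: bytes) -> bytes:
    """Build a constructed test message (not a real sample from either campaign)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "hr@example.com", subject
    m.set_content("Please see the attached file.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed inputs: only the magic bytes are real, the rest is padding.
XLS_MAIL = build_sample("applicant@example.net", "applying for a job", "CV.xls", OLE2_MAGIC + bytes(512))
ISO_MAIL = build_sample("sender@example.net", "CV from China", "CV.iso", bytes(ISO_OFFSET) + ISO_MAGIC + bytes(64))
FMLA_MAIL = build_sample("hr@medical-center.space", "New Employee Request Form (FMLA)", "form.doc", OLE2_MAGIC + bytes(512))
BENIGN = build_sample("alice@example.org", "Quarterly report", "report.pdf", b"%PDF-1.4 constructed")

if __name__ == "__main__":
    for label, raw in [("xls", XLS_MAIL), ("iso", ISO_MAIL), ("fmla", FMLA_MAIL), ("benign", BENIGN)]:
        print(label, triage(raw))
```

An OLE2 hit only means the file is a legacy Office container that can carry macros, so treat it as a reason to quarantine and inspect rather than as proof of a macro.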
What Should You Do If Infected With Malware?
Needless to say, banking Trojans are the most destructive threats, as they not only compromise the system but also lead to huge financial loss. If you have fallen victim to any such scam or received a phishing email, you should follow these steps:
- Immediately change the passwords of all your banking accounts;
- Reverse any transaction you made by following promotional links that arrived in your email;
- Clear your browsing history, and preferably do not store login credentials on your device or in your browser;
- Immediately scan your computer to remove any malware that has infected the system.
If you don’t have any anti-malware active, now is the best time to get a licensed version of reputable security software to protect your financial data from malware.
How To Protect Yourself From Scams
To protect yourself from such scams, you should follow some simple yet effective steps:
- Before opening any email attachment from an unknown sender, check whether it is a scam.
- Don’t be in a hurry to open an attachment, click a link or perform any action an email suggests. Some spam emails lure you with lotteries, invoices or job offers. If an email appears too good to be true, verify the source first and google the subject line.
- Avoid clicking on ad or promotion links sent by unknown senders. Criminals may tempt you with a heavy discount offered exclusively to you, and you may be easily tricked. Such links often redirect to a purchase page that imitates a real one, where spoofing methods may be used to make you complete a fraudulent purchase.
- Use different passwords for bank accounts, applications and so on. If hackers manage to hack one account, they will try to hack your other accounts as well. The best thing you can do is keep your passwords encrypted and secured with a password manager tool.
- Keep the system and applications updated, so as to patch any vulnerabilities that hackers can easily exploit to drop malware.
- Use a trusted anti-malware program, along with the system's built-in firewall and security settings.
It is very important to enable 2FA on your accounts and use strong passwords, and to keep those passwords secure you should use a reputable password manager tool like Dashlane.