An IT security company has uncovered a malware-laden email that claims to come from the World Health Organisation that is designed to prey on fears over the Ebola virus.
According to researchers at Trustwave, the malware threat disguises itself in an email from the World Health Organization (WHO), complete with an attached file.
The message reads that it has information on how to prevent the Ebola spread in the file. However, the file is in fact an executable that installs the DarkComet Remote Access Trojan (RAT).
The Trojan makes use of its heavily obfuscated script to run undetected by antivirus software. This then creates a randomly named folder in the Windows Application Data drive and copies all of its component files into that folder.
As well as keylogging, the Trojan can capture webcam images and sounds. It can remotely access the desktop as well as uploading and executing other files.
The malware also gathers system information, modifies system host files, executes shell commands, steals passwords and torrent files, lists processes and runs remote scripts.
The Trojan then sends all this information to a remote server. At present, researchers said they have only seen one sample from the campaign so far.
"At this time we don't have reason to believe it is a widespread campaign. The address it was sent to was an old honeypot address, so it's not exactly targeted either," the researchers said in a blog post.
"These facts taken together suggest a low volume campaign (sent to whatever address list the spammer is using) in an attempt to infect random users in the hope of gaining some data that can be used or sold."
The firm said another campaign pretended to be from the Mexican Government with an advisory of the Ebola situation in Mexico. Trustwave said just last week the United States Computer Readiness Team (US-CERT) published an advisory warning users of scams and spam campaigns using the Ebola virus as a social engineering theme.
-
CronRat Magecart malware uses 31st February date to remain undetectedNews The malware allows for server-side payment skimming that bypasses browser security
-
Mekotio trojan continues to spread despite its operators’ arrestsNews Hackers have used it in 100 more attacks since arrests
-
“Trojan Source” hides flaws in source code from humansNews Organizations urged to take action to combat the new threat that could result in SolarWinds-style attacks
-
What is Emotet?In-depth A deep dive into one of the most infamous and prolific strains of malware
-
Fake AnyDesk Google ads deliver malwareNews Malware pushed through Google search results
-
Hackers use open source Microsoft dev platform to deliver trojansNews Microsoft's Build Engine is being used to deploy Remcos password-stealing malware
-
Android users told to be on high alert after Cerberus banking Trojan leaks to the dark webNews The source code for the authenticator-breaking malware is available for free on underground forums
-
Qbot malware surges into the top-ten most common business threats
News An evolved form of the banking Trojan was distributed by number one-ranking Emotet in a campaign that hit 5% of businesses globally
