Fake “Black Lives Matter” Voting Campaign Spreads TrickBot Malware

Security researchers have noticed a phishing email campaign that asks users to vote anonymously about Black Lives Matter and spreads TrickBot, an information-stealing malware.

TrickBot started out as a banking trojan and has since evolved to perform numerous malicious activities.

These include spreading laterally through a network and stealing saved credentials in browsers, Active Directory Services databases, cookies, OpenSSH keys, RDP, VNC, and many more.

TrickBot is also known to partner with ransomware operators such as Ryuk, providing them with access to a compromised network so they can deploy the ransomware.

Details about the “Black Lives Matter” campaign

As discovered by the cyber security organization Abuse.ch, the threat actors use current events to trick targeted users into opening their malicious emails. In this case, the campaign pretends to be from “Country administration” and asks users to “Vote anonymous about Black Lives Matter”.

The email asks users to “Leave a review confidentially about Black Lives Matter” and then to fill out and return an attached file named ‘e-vote_form_3438.doc’.

Once the attachment is downloaded and opened, it launches in MS Word and greets the user with a message saying that they need to click the Enable Editing and Enable Content buttons to view the included content properly.

However, if the buttons are clicked, the document runs macros that download a malicious DLL to the computer and execute it. This DLL is the TrickBot trojan, which then downloads further modules to infect the machine in order to steal banking credentials or information from terminals connected across the network.

Given its capabilities, TrickBot is considered a devastating computer infection, no matter whether you are a corporate user or a home user.

So it’s very important to keep in mind that malware developers and promoters commonly become more active during significant historical moments and periods of political unrest.

Phishing scams like this are nothing new and not even surprising, as there has already been a dramatic increase in phishing and cyber attacks themed on Covid-19. Be very careful with any such emails, especially politically or socially motivated ones, as they could be malware in disguise.