Black Lives Matter is the latest hook bad actors are
using to persuade people to open email attachments containing malware,
according to Bitdefender’s telemetry.
Criminals use any major new event to accelerate the
spread of various malware campaigns. Proof of that, as if any further
evidence were needed, is the COVID-19 pandemic. Bad actors have used it as a
cover to send emails that seemed to originate from official sources, with the
single purpose of infecting as many computers as possible.
The latest trend in spreading malware is piggybacking on
the Black Lives Matter protests underway right now in the United States that
have captured the attention of the entire planet. Spam emails with malware
attachments have been floating around for a few weeks now.
Most of the messages in the emails intercepted by
Bitdefender are not all that complex. They contain only a single phrase, which
differs slightly from one message to the next: Vote anonymous about “Black Lives Matter”, Let us
know your opinion anonymous about “Whose Lives Matter”, Give YOUR
Feedback confidentially about “Black Lives Matter”, Give your opinion
anon about “Whose Lives Matter”, and similar variations. You can
check out one of the samples at VirusTotal.
Such spam and malware campaigns are not all that
original. Most of the time, the only thing that changes is the message in the
email, with the malware file remaining the same, no matter the campaign. In
this case, the attachments carry an embedded Trojan: a tainted document that
uses the macro functionality in Microsoft Office.
When a user opens the attachment, a number of commands
are executed, allowing a script to download a dropper, which installs the malware.
Once the Trojan is installed, it communicates back to the command and control
center, allowing a remote attacker to take over.
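
A mail-triage check for the pattern described above, as an added example and not Bitdefender's own code: it flags a message whose subject or body matches the quoted lure wording and whose attachment is an Office container that can carry macros. The function names, regular expression, sample message, addresses and file name are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure wording generalised from the phrases quoted in the article.
LURE_RE = re.compile(r"\b(vote|opinion|feedback)\s+(anonymous|anon|confidentially)"
                     r"\s+about\s+\W?(black|whose)\s+lives\s+matter", re.I)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def macro_indicator(data):
    """Return 'ooxml-vba', 'legacy-ole' or None for one attachment payload."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # may hold macros; needs deeper inspection
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return None
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-vba"  # macro-enabled Office document
    return None

def triage(raw):
    """Report lure wording and macro-capable attachments in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    text = str(msg.get("Subject", ""))
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        text += "\n" + body.get_content()
    hits = [(p.get_filename(), kind) for p in msg.iter_attachments()
            if (kind := macro_indicator(p.get_payload(decode=True) or b""))]
    return {"lure": bool(LURE_RE.search(text)), "macro_attachments": hits}

def build_sample():
    """Constructed message: harmless zip that only mimics a .docm layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["Subject"] = "Vote anonymous about \u201cBlack Lives Matter\u201d"
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("Give your opinion anon about \u201cWhose Lives Matter\u201d")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="sample.docm")
    return msg.as_bytes()
```

Calling `triage(build_sample())` reports both the lure match and the macro-enabled attachment; a `legacy-ole` result only says the file is in the older binary format and still needs a macro scanner to confirm.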
As usual, users are advised never to open emails or
attachments from unknown sources and to use a security solution on their
devices, whether it’s a laptop, a PC or a phone.