COVID-19 Phishing Attacks Target U.S.


A new phishing attack targeting U.S. users is trying to deploy Remcos, a trojan that allows a hacker to gain full control of a victim's computer, according to research from Microsoft Security Intelligence. Many phishing and spam campaigns directly related to the COVID-19 pandemic are active right now. Hackers are trying different ways to trick people into sharing credentials or downloading malware.

With the economy affected by the pandemic, people are paying more attention to emails that offer advice, loans and other types of financial support. Hackers are preying on this to steal information. Another effective approach is scaring people with threats of account closures or company furloughs.


In the latest campaign, the hackers are deploying Remcos malware. If successfully deployed, the malware can be used to steal credentials, control the PC remotely and turn the infected PC into a bot. Remcos campaigns are targeting specific sectors using various COVID-19 themed lures and atypical email attachments. Unlike other malware, Remcos campaigns appear to be limited and may be an attempt to fly under the radar.

In one attack, hackers pretended to represent the US Small Business Administration, offering small businesses disaster loans. The message contained an IMG file, which mounts as a disk image in Windows. The only file inside it was an executable that deployed Remcos if run. In another attack, the attached file had a misleading PDF icon, but was still an executable. In a third example, the message was titled COVID-19 related updates and was directed at members of the American Institute of CPAs.
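A mail filter can catch both attachment tricks described above by looking at what an attachment contains instead of what it is named or how its icon looks. The following is an added example, not code from the original article or from Microsoft; the extension list, function names and the sample message with inert placeholder payloads are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

IMAGE_EXTS = (".img", ".iso")   # assumed list of mountable disk-image extensions
ISO9660_OFFSET = 0x8001         # "CD001" marks an ISO 9660 volume descriptor


def audit_attachments(raw_bytes):
    """Return {filename: [reasons]} for attachments matching the described lures."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reasons = []
        # Disk images mount on double-click and hide their contents from naive filters.
        if name.lower().endswith(IMAGE_EXTS):
            reasons.append("disk-image extension")
        if data[ISO9660_OFFSET:ISO9660_OFFSET + 5] == b"CD001":
            reasons.append("ISO 9660 content")
        # A Windows executable starts with "MZ" whatever its name or icon claims.
        if data[:2] == b"MZ":
            reasons.append("PE executable content")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed message with inert placeholder payloads (no real malware)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Constructed sample"
    m.set_content("See attached.")
    image = b"\x00" * ISO9660_OFFSET + b"CD001" + b"\x00" * 16
    samples = [("loan_form.img", image),
               ("updates.exe", b"MZ" + b"\x00" * 62),
               ("notice.pdf", b"%PDF-1.4\n")]
    for filename, payload in samples:
        m.add_attachment(payload, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for name, reasons in audit_attachments(build_sample()).items():
        print(name, "->", ", ".join(reasons))
```

The check inspects only top-level attachments; a production filter would also need to open the disk image and inspect the files inside it.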

The best practice is never to open emails or attachments from unknown sources, and always to have an anti-virus program installed on the PC.