Coronavirus Health Notifications Being Used To Carry Malicious Threats

March 30, 2020

Written by wukovits

A Pakistani-based hacking group that goes by a variety of names, including “Transparent Tribe,” “APT36,” “Mythic Leopard” and others has been discovered to be behind a particularly nasty attack recently.

Researchers with QiAnXin’s RedDrip Team discovered a phishing campaign bearing the group’s stamp.

This new campaign utilizes poisoned files that appear to be health advisories sent by the Indian government. These days, people are desperate for information about the Coronavirus, and the hacking group is taking full advantage.

Their poisoned documents are being opened at an alarming rate, and when they are, a malicious tool called the Crimson RAT (Remote Administration Tool) is being installed.

This tool allows the hacker group to, (among other things):

  • Capture screenshots
  • Collect information about the antivirus software the victim’s computer or device uses
  • Make use of TCP protocols for communicating with the command and control server
  • Stealing credentials from the victim’s browser
  • Listing running process, drives and directories on the victim’s machine
  • Retrie files from its C&C server

While all of those are bad, the last one is probably the most dangerous. Once the hackers have established an entry point on the infected system, they can use the communications link with the C&C server to install literally any other type of software they want.

For the time being, the group has contented themselves with operations in India, but they’re not the only state sponsored threat actor on the world stage. They’re certainly not the only ones to be using the fear surrounding the Coronavirus as cover for their nefarious activities.

Be sure your employees are aware of this new threat, and adopt the policy of not opening any health related information you get via email. If you want to know the latest information available, instruct your team to go to the CDC’s website and pull it straight from the source.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Send us a message

Your message was sent.