Cybercriminals have been known to take advantage of events of considerable public interest to spread malware. It is unsurprising that they are currently capitalizing on the Ebola hysteria that is sweeping the world at an alarming rate. Hackers are sending out emails with embedded malware, purportedly from the WHO, giving important tips on fighting Ebola.
According to experts at Trustwave’s SpiderLabs who unearthed the scam, the emails disguise themselves with a legitimate WHO logo and urge the victim to open an important attachment on Ebola. Once the victim downloads the attachment, the Dark Comet malware is unleashed on the system, enabling the hacker to take full control of it.
“The information and prevention listed in the attached file will help you and those around you stay safe,” claims one email published on SpiderLabs’ blog. “There is an outbreak of Ebola and other diseases around that you know nothing about. Download the World Health Organization file for more information on how to stay safe from Ebola and other preventable diseases. We care.”
Experts say the aim of the attacker is to install the Dark Comet Remote Access Trojan (RAT), a powerful piece of malware that cannot be detected by the PC’s antivirus software. The RAT gives the hacker remote access to infected devices, including access to all sensitive information on the PC.
“Once Dark Comet is installed on your system, the criminals out there have full control of your computer. They can turn on your webcam and videotape you without you knowing, they can turn on your microphone and record voices in the room, they can upload files and download files, install things, steal passwords,” said Karl Sigler, an anti-spam digital security specialist at Trustwave.
Trustwave discovered the attacks through one of its “honeypot” addresses used to trap hackers. In the meantime, there is no evidence of worldwide attacks. The scam is a “low target campaign” focused on specific organizations with the hope of obtaining data that could be sold.
“They are really looking for those people in corporate environments and business environments and opening this e-mail and not just putting their own system at risk but their entire internal network business at risk,” says Sigler.
It is not the first time hackers are using “disasters and outbreaks in order to lure potential victims and spread their malware,” says Trustwave in a blog. Earlier, in March, hackers capitalized on the missing Malaysian Boeing MH370 to lure victims to phishing sites, which urged them to share a Facebook video before viewing it. By sharing the video, victims were unknowingly spreading malware that was used to hack into Facebook accounts.
Last week, the US Computer Emergency Readiness Team (US-CERT) warned the public of an uptick in phishing emails that “contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system.” The organization urged users to be extra cautious when opening attachments and clicking links from unknown senders, a sentiment echoed by Trustwave.
The general rule when dealing with phishing scams is never to open attachments or click links from strange senders. In case you must open the attachment, always use protected view, which is enabled by default in many operating systems. In addition to the common links promising “leaked celebrity nudes”, watch out for Ebola-themed emails.