The specter of a copyright infringement declare has change into the most recent manner for malware operators to trick their targets.
Researchers with Cisco Talos report that an ongoing assault in Taiwan is being unfold by way of phishing emails that include malware attachments.
Concentrating on companies and promoting corporations, the emails will pose as a authorized discover from both a copyright holder a authorized consultant of an organization making a copyright declare. Connected to the message can be a supposed PDF attachment that presents itself as a authorized doc with particulars on the criticism.
“The decoy e-mail and faux PDF filenames are designed to impersonate an organization’s authorized division, trying to lure the sufferer into downloading and executing malware,” wrote Cisco Talos researcher Joey Chen,
“One other statement we discovered is that the pretend PDF malware makes use of the names of well-known know-how and media corporations in Taiwan and Hong Kong. This gives sturdy proof that the menace actor carried out thorough analysis earlier than launching this marketing campaign.”
As soon as the sufferer opens the attachment, which presents itself as a PDF however is definitely an executable, they’re redirected by way of a Google Appspot.com area that then routes by way of one other third-party URL shortening service earlier than lastly arriving at a Dropbox area.
That area then infects the sufferer with the precise payload: an info-stealing malware designed to reap account credentials and different private element. The malware was recognized as being both LummaC2 or Rhadamanthys, which can be found on darkish net markets.
“The an infection chain begins with a phishing e-mail containing a malicious obtain hyperlink,” Chen defined.
“When the sufferer downloads the malicious RAR file, they are going to want a particular password to extract it, revealing a pretend PDF executable malware and a picture printing file.”
Chen stated that attributing the assault to anyone group is tough given the obfuscation techniques the operators make use of.
“Pivoting off the EPS file metadata and its preview picture on a search engine, we discovered an equivalent picture with the identical file title on a Vietnamese-language web site,” the researcher wrote.
“Nevertheless, there is no such thing as a sturdy proof that it was created by an creator from that area.”
