Microsoft has warned that cyber criminals are taking advantage of the ongoing coronavirus crisis to trick users into downloading malware onto their devices.
In a statement on Twitter, Microsoft Security Intelligence said that hackers are posing as the “Usa Volunteer Organization” and the “Usa Humanitarian Group” and are sending out hundreds of emails offering free COVID-19 medical advice and testing.
Each email aims to install the Trickbot malware using “unique macro-laced” document attachments.
“Like in recent Trickbot campaigns, if allowed to run, the macro uses CHOICE.EXE to wait 20 seconds before downloading the info-stealing payload,” explained Microsoft’s Security Intelligence team. “Trickbot campaigns are known to delay malicious activities to evade emulation or sandbox analysis.”
The company also warned that new phishing campaigns are using the theme of remote working in an attempt to encourage victims to share personal data, such as bank details, over the phone.
“To further avoid raising a flag, phishers don’t put malicious URLs in emails. Instead, they leverage legitimate web services or use attachments that contain the link to the phishing site. In this example, phishers left the email body empty; message & link are in the attached PDF,” Microsoft explained over Twitter.
According to Microsoft 365 Security corporate VP Rob Lefferts, “the trendy and pervasive Trickbot and Emotet malware families are very active and rebranding their lures to take advantage of the outbreak”.
This content was originally published here.