A Dridex phishing campaign is mocking its victims with a COVID-19 funeral assistance helpline number. The phishing emails use weaponized Excel or Word attachments to lure their targets.

Understanding the campaign

According to researchers, the attackers are taking advantage of the rapid spread of the COVID-19 Omicron variant.
  • The spam messages come with the subject "COVID-19 testing results" and tell the recipient that they were exposed to a coworker who tested positive for the new Omicron variant.
  • The message contains an Excel attachment protected with a password, which is mentioned in the message, and tricks victims into enabling macros to view the content of the attachment.
  • Upon entering the password, the victim sees a blurred COVID-19 document that asks them to click ‘Enable Content’ to view it.
  • Then, the malware mocks the victims by showing an alert that includes a fake number for the COVID-19 Funeral Assistance Helpline.
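The delivery pattern in the list above (a password-protected Office attachment whose password is supplied in the same message) can be flagged at the mail gateway. The following is an added example, not code from the researchers or from Cyware; it assumes the attachment uses OOXML password protection, and the function names, extension list and sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# Assumption: OOXML encryption (OLE container with an EncryptedPackage stream, name in UTF-16LE).
ENCRYPTED_STREAM = "EncryptedPackage".encode("utf-16-le")
OFFICE_EXT = (".xls", ".xlsx", ".xlsm", ".xlsb", ".doc", ".docx", ".docm")
PASSWORD_HINT = re.compile(r"\bpass(?:word|code)\b", re.I)


def is_encrypted_office(name, data):
    """True for an Office-named file that is an OLE container with an encrypted package."""
    return (name.lower().endswith(OFFICE_EXT)
            and data.startswith(OLE_MAGIC) and ENCRYPTED_STREAM in data)


def triage(raw):
    """Return the reasons a raw RFC 5322 message matches the lure pattern."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_encrypted_office(name, data):
            reasons.append(f"encrypted Office attachment: {name}")
            # Scanners cannot open the file, but the recipient can: password is in the body.
            if PASSWORD_HINT.search(text):
                reasons.append("password for attachment supplied in body")
    return reasons


def build_sample(encrypted):
    """Constructed message; the attachment is a harmless stub, not a real workbook."""
    msg = EmailMessage()
    msg["Subject"] = "COVID-19 testing results"
    msg.set_content("You were exposed to a coworker. Password: 1234")
    stub = OLE_MAGIC + b"\x00" * 64
    if encrypted:
        stub += ENCRYPTED_STREAM
    msg.add_attachment(stub, maintype="application",
                       subtype="vnd.ms-excel", filename="results.xlsx")
    return msg.as_bytes()


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, triage(build_sample(flag)))
```

Legacy `.xls` password protection is not covered by this check, and a hit is a reason to quarantine for review rather than proof of Dridex.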

A recent attack trolling researchers

This is not the first time that cybercriminals have been observed trolling victims with messages. A week ago, cybercriminals were sending fake employee termination letters that displayed a "Merry X-Mas" message to employees. Here, the attackers were trolling researchers with racist and antisemitic words.

Conclusion

Phishing emails that mention the Omicron variant are circulating widely and are effective at spreading malware. Cybercriminals are known for taking advantage of current events and ongoing situations. Be watchful of messages and emails from unknown sources.

Cyware Publisher
