Bitcoin Forum
Author Topic: Black Lives Matter Emails Deliver TrickBot Malware  (Read 330 times)
btc_angela (OP)
June 12, 2020, 04:12:09 AM
Merited by TravelMug (1), DdmrDdmr (1), The Cryptovator (1)
 #1

Just a matter of time before these bad actors use BLM as an agenda for them to spread malware.

Quote
Malspam emails are claiming to deliver a survey on BLM — but in reality they deliver the infamous banking trojan.

Cyberattackers are seizing upon the 24-hour news cycle again in order to capitalize on the current zeitgeist – this time with a fake Black Lives Matter malspam campaign that distributes the TrickBot malware.

https://threatpost.com/black-lives-matter-emails-trickbot-malware/156497/

So everyone just needs to be very careful, especially as criminals are trying to capitalise on this hottest movement globally. Don't try to click it, because it will infect your machine by downloading a DLL file without you noticing it.

This TrickBot malware will steal everything, from banking credentials to files, including your crypto passwords.

Sample Email



Code:
e-vote_form_8748.doc

More info about TrickBot: https://blog.malwarebytes.com/detections/trojan-trickbot/

xxjumperxx
June 12, 2020, 06:29:04 AM
 #2

Thanks for the heads up.

Some emails are made to look serious, but this one is just plain bad while jumping onto the Black Lives Matter subject, which is subject #1 right now.

I mean, there will probably be people that click the file and download it, there will always be.

Use common sense, people: don't click on files that you were not expecting or that look suspicious....
DdmrDdmr
June 12, 2020, 07:05:36 AM
 #3

Many of these situations occur to the trending topics of the moment, and/or are related to commonly received invoices and such. The fact that their attack gateway is often through an attached file, be it an executable file (more obvious) or an office file (less obvious to many) begs for extreme caution, and for one to simply avoid the habit of clicking before verifying exhaustively the source.

I often triple check the email sender for common invoices, and generally prefer to go to the invoicer’s website, and enter my account there to see the relevant information. Unknown sources are simply ignored in my case.

You should even be wary of known sources: sometimes emails get hacked, and you could receive a malicious attachment from a known source. On other occasions, the email can be made to look like it's from a known source (i.e. similar name).
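
The checks described in post #3 (verify the sender, watch for look-alike names, treat Office and executable attachments with caution), as an added Python example that is not part of the original thread. The known-domain list, the 0.85 similarity threshold and the sample message are assumptions constructed for illustration; only the attachment name comes from the first post.

```python
import difflib
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains this mailbox really deals with (hypothetical values).
KNOWN_DOMAINS = {"example-bank.com", "example-isp.net"}
# Office and executable file types the thread warns about.
RISKY_EXT = (".doc", ".docm", ".xls", ".xlsm", ".exe", ".dll")

def lookalike_of(domain, threshold=0.85):
    """Return the known domain that `domain` closely imitates, or None."""
    if domain in KNOWN_DOMAINS:
        return None
    for good in sorted(KNOWN_DOMAINS):
        if difflib.SequenceMatcher(None, domain, good).ratio() >= threshold:
            return good
    return None

def triage(raw):
    """Return the reasons to verify a raw RFC 5322 message before opening it."""
    msg = message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    if domain not in KNOWN_DOMAINS:
        reasons.append(f"unknown sender domain: {domain}")
    imitated = lookalike_of(domain)
    if imitated:
        reasons.append(f"sender domain resembles {imitated}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append(f"risky attachment: {name}")
    return reasons

def constructed_sample():
    """Constructed message: look-alike sender plus the thread's attachment name."""
    m = EmailMessage()
    m["From"] = "Billing <billing@examp1e-bank.com>"
    m["To"] = "user@example.org"
    m["Subject"] = "Your invoice"
    m.set_content("Please review the attached form.")
    m.add_attachment(b"placeholder bytes, not a real document",
                     maintype="application", subtype="msword",
                     filename="e-vote_form_8748.doc")
    return m.as_string()

if __name__ == "__main__":
    for reason in triage(constructed_sample()):
        print(reason)
```

A message that returns an empty list has only passed these three checks; a compromised known sender, which the same post warns about, would not be flagged by them.
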
smyslov
June 12, 2020, 01:24:07 PM
 #4

Not really the first time: when COVID was just starting out there was software that scammers were sending, where you track people and countries with COVID infections in real time; that was exposed, and now this. People should be aware that if there are big events, expect scammers to exploit this opportunity to hack and scam people.
xxjumperxx
June 12, 2020, 01:27:16 PM
 #5

Quote from: smyslov
Not really the first time: when COVID was just starting out there was software that scammers were sending, where you track people and countries with COVID infections in real time; that was exposed, and now this. People should be aware that if there are big events, expect scammers to exploit this opportunity to hack and scam people.

Yes, it's these big events/situations that people use to get the best of us...
When we are not really paying any attention, and they try to catch us when we're not expecting it.
AakZaki
June 12, 2020, 04:48:27 PM
 #6

Quote from: xxjumperxx
~snip~
I mean, there will probably be people that click the file and download it, there will always be.

Use common sense, people: don't click on files that you were not expecting or that look suspicious....

Must have been there and become a victim of the malware. People who are not concerned with security and override the security of their devices usually don't think twice about clicking on spam emails like that.

Now more spam emails are coming in and trying to infect devices all over the world.

Providing security by installing an antivirus that is always updated is an effective way to avoid and prevent being infected with malware or viruses of this kind.
Red-Leonard2
June 12, 2020, 04:57:16 PM
 #7

Just had a spam phone call today from ISP (btinternet) saying I was doing 'illegal activity' and my line will get cut in 24hrs time, gave me a number to call back on...

Seems like they want me to pay for their virus removal services, I think not!
CryptoYar
June 12, 2020, 05:27:32 PM
 #8

This bot is very dangerous, I searched on Google, then I got a lot of information which I am putting here too.

 
Redirection attacks send victims to fraudulent banking site replicas when they navigate to certain banking websites. This fake website is hosted on the cyber threat actor’s (CTA) server and harvests the victim’s login information.

A server side injection intercepts the response from a bank’s server and redirects it to the CTA’s server. The CTA’s server injects additional code into the webpage before it is returned to the client. The CTA can then steal the victim’s banking credentials through form grabbing. Form grabbing records sensitive information typed into HTML forms, such as usernames and passwords.



Quote from: Red-Leonard2
Just had a spam phone call today from ISP (btinternet) saying I was doing 'illegal activity' and my line will get cut in 24hrs time, gave me a number to call back on...

Seems like they want me to pay for their virus removal services, I think not!

Maybe these people will ask you for money, but do not send money. Nowadays offices are closed; perhaps the scammers want to take advantage of this. I think you should call the helpline number.
TravelMug
June 13, 2020, 12:26:03 AM
 #9

Quote from: CryptoYar
This bot is very dangerous, I searched on Google, then I got a lot of information which I am putting here too.

Redirection attacks send victims to fraudulent banking site replicas when they navigate to certain banking websites. This fake website is hosted on the cyber threat actor’s (CTA) server and harvests the victim’s login information.

A server side injection intercepts the response from a bank’s server and redirects it to the CTA’s server. The CTA’s server injects additional code into the webpage before it is returned to the client. The CTA can then steal the victim’s banking credentials through form grabbing. Form grabbing records sensitive information typed into HTML forms, such as usernames and passwords.

Every malware by threat actors is very dangerous by design. Initially those were created to target people who use banking apps online. But they have evolved and now redesign their malware to go after crypto individuals.

And considering that they take advantage of BLM, there could be individuals who are going to fall for it. Catchy phrases, subjects of the emails, attachments are really very hard to identify unless you really use your brain and think logically so that you won't be the next victim.

pakhitheboss
June 13, 2020, 05:04:00 AM
 #10

Thanks for sharing this important update.

Such issues are creating a negative image of a movement that is for the benefit of a particular community. Most scammers use such issues to fund their own personal objectives.

A few days back I heard other news about a token created to fund this movement, which of course it was not.

I am always careful about mails that I receive but such mails are hard to ignore. Thanks for the heads-up.
