Phishing Campaign Draws on Fear Generated by Paris Attack
Posted by: Timothy Weaver on 11/21/2015 10:25 AM
[
Comments
]
Spammers are using the fear generated by the Paris attacks in a new spear phishing campaign.
Most of the attacks have been seen in the Middle East, but they have now been seen in Canada.
Malicious emails are falsely using the address of the Dubai Police Force in the United Arab Emirates to convince the recipient that the email contained official correspondence on how to avoid terror attacks. The emails usually contain two attachments. One is usually a PDF that is not malicious to convince the victim it is a legit email. The second attachment is the malicious one.
"The emails come with two attachments, one of which is a PDF file that is not actually malicious but acts as a decoy file. The malware resides in the other attachment, an archive, as a .jar file,” Symantec's Lionel Payet wrote.
The phishers are using a multiplatform remote access Trojan called Jsocket, which is a new tool from the same group that created AlienSpy RAT.
“While the group behind this campaign mainly targeted UAE-based companies and employees, we have also seen similar spear-phishing runs targeting three other countries: Bahrain, Turkey and, more recently, Canada,” Payet said, adding that Symantec believes the group is expanding its efforts further and it expects to see new countries targeted.
Source: SCMagazine
Most of the attacks have been seen in the Middle East, but they have now been seen in Canada. Malicious emails are falsely using the address of the Dubai Police Force in the United Arab Emirates to convince the recipient that the email contained official correspondence on how to avoid terror attacks. The emails usually contain two attachments. One is usually a PDF that is not malicious to convince the victim it is a legit email. The second attachment is the malicious one.
"The emails come with two attachments, one of which is a PDF file that is not actually malicious but acts as a decoy file. The malware resides in the other attachment, an archive, as a .jar file,” Symantec's Lionel Payet wrote.
The phishers are using a multiplatform remote access Trojan called Jsocket, which is a new tool from the same group that created AlienSpy RAT.
“While the group behind this campaign mainly targeted UAE-based companies and employees, we have also seen similar spear-phishing runs targeting three other countries: Bahrain, Turkey and, more recently, Canada,” Payet said, adding that Symantec believes the group is expanding its efforts further and it expects to see new countries targeted.
Source: SCMagazine
Comments
