Malware News New Voldemort malware abuses Google Sheets to store stolen data

Gandalf_The_Grey

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Content source
https://www.bleepingcomputer.com/news/security/new-voldemort-malware-abuses-google-sheets-to-store-stolen-data/
A new malware campaign is spreading a previously undocumented backdoor named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia.

As per a Proofpoint report, the campaign started on August 5, 2024, and has disseminated over 20,000 emails to over 70 targeted organizations, reaching 6,000 in a single day at the peak of its activity.

Over half of all targeted organizations are in the insurance, aerospace, transportation, and education sectors. The threat actor behind this campaign is unknown, but Proofpoint believes the most likely objective is to conduct cyber espionage.

The attack is similar to what Proofpoint described at the start of the month but involved a different malware set in the final stage.
Click to expand...
A new Proofpoint report says the attackers are crafting phishing emails to match a targeted organization's location based on public information.

The phishing emails impersonate taxing authorities from the organization's country, stating that there is updated tax information and includes links to associated documents.

Clicking on the link brings recipients to a landing page hosted on InfinityFree, which uses Google AMP Cache URLs to redirect the victim to a page with a "Click to view document" button.

When the button is clicked, the page will check the browser's User Agent, and if it's for Windows, redirect the target to a search-ms URI (Windows Search Protocol) that points to a TryCloudflare-tunneled URI. Non-Windows users are redirected to an empty Google Drive URL that serves no malicious content.

If the victim interacts with the search-ms file, Windows Explorer is triggered to display a LNK or ZIP file disguised as a PDF.
Click to expand...
www.bleepingcomputer.com

New Voldemort malware abuses Google Sheets to store stolen data

A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: Moonhorse and TuxTalk

Similar threads

Gandalf_The_Grey
    • Like
Security News Fake Google Meet conference errors push infostealing malware
Replies
2
Views
1,290
Security News
Andy Ful
Andy Ful
Gandalf_The_Grey
    • Like
Malware News Malware locks browser in kiosk mode to steal Google credentials
Replies
0
Views
1,487
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Malware News Over 6,000 WordPress hacked to install plugins pushing infostealers
Replies
1
Views
1,083
Security News
Victor M
Victor M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top