Phishing campaign delivers data-stealing malware via fake court summons emails

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A newly uncovered hacking campaign is targeting employees in the insurance and retail industries with phishing emails, claiming to be from the Ministry of Justice, that infect the victim with information-stealing malware.

Uncovered by researchers at cybersecurity company Cofense, the phishing emails have the subject 'Court' and feature UK Ministry of Justice logos. They claim to provide information about 'Your Subpoena', and ask the victim to click a link because they've been ordered to attend a law court and have 14 days to comply. There's no information about what the court case supposedly relates to.

If victims click though to the link, they're directed to a cloud hosting provider which redirects them to a document containing Predator the Thief, the malware can steal usernames, passwords, browser data and the contents of cryptocurrency wallets, as well as take photos using a webcam.

The phishing emails use a number of layers to hide the malicious intention of the message from security software. The email contains a Google Docs link which, if clicked, automatically redirects the user to Microsoft OneDrive, which delivers a Microsoft Word document to the victim. As in many other phishing campaigns, the document asks users to enable macros; if they do, the malware is downloaded via PowerShell.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top