Phishing campaign throws Shade ransomware at Russians

LASER_oneXM

Attackers this month have revived an email phishing operation that targets Russian speakers with Shade ransomware served via malicious JavaScript attachments.

The scam first emerged in a campaign that began in mid-October of last year, before dying down over the holiday period. But January ushered in a more intense second phase that doubled the previous campaign’s attack volume, reported Juraj Janosik, senior software engineer at ESET, in a company blog post on Monday.

Janosik said that 52 percent of the Shade attachments ESET detected between Jan. 1 and Jan. 24 went to Russian addresses, while the next most targeted countries were Ukraine, France, Germany and Japan.

The phishing emails feature Russian subject lines and content that attempt to trick recipients into believing they have received order updates from legitimate organizations such as Russian bank B&N Bank and the retail chain Magnit. One sample email was supposedly sent from a company manager with details from an unspecified order.
 
