Attackers this month have revived an email phishing operation that targets Russian speakers with Shade ransomware served via malicious JavaScript attachments.
The scam first emerged in a campaign that began in mid-October of last year, before dying down over the holiday period. But January ushered in a more intense second phase that doubled the previous campaign’s attack volume, reported Juraj Janosik, senior software engineer at ESET, in a company blog post on Monday.
Janosik said that 52 percent of the Shade attachments ESET detected between Jan. 1 and Jan. 24 went to Russian addresses, while the next most targeted countries were Ukraine, France, Germany and Japan.
The phishing emails feature Russian subject lines and content that attempt to trick recipients into believing they have received order updates from legitimate organizations such as Russian bank B&N Bank and the retail chain Magnit. One sample email was supposedly sent from a company manager with details from an unspecified order.