Ukraine warns of “chemical attack” phishing pushing stealer malware

Gandalf_The_Grey

Level 61
Thread author
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
5,009
Ukraine's Computer Emergency Response Team (CERT-UA) is warning of the mass distribution of Jester Stealer malware via phishing emails using warnings of impending chemical attacks to scare recipients into opening attachments.

As the war between Russia and Ukraine continues, the threat of escalation in using more lethal weapons remains a concern.

Ukrainians live under this constant fear, so these phishing emails pretend to be warnings of chemical attacks to ensure that recipients won’t ignore their messages.

The full text of the machine-translated phishing email can be read below:

"Today the information was received that chemical weapons will be used at 01.00 at night, the authorities are trying to hide it in order not to panic the population. Urgently get acquainted with the places where chemical weapons will be used and the places of special shelters where we will be safe.
Help us to disseminate the information attached to the document in the letter as much as possible. map of the zone of chemical damage.
We need to save as many lives as possible!"

These phishing emails contain XLS documents laced with malicious macros, so if the file is opened and content is enabled in Microsoft Office, an EXE payload will be fetched from a remote source and executed on the computer.