Hackers are baiting their victims with stolen financial data in a clever phishing scheme. Over 400,000 data points, including identity numbers, names, phone numbers, and payment records, are used to persuade consumers to click on a malicious link. This link downloads a potent virus called BitRAT that can steal passwords, spy on users, and install crypto mining software.

To spread the remote access trojan known as BitRAT, the new campaign used confidential data taken from a bank as bait in phishing emails that convince victims to download a suspicious Excel file. BitRAT is a well-known remote access trojan (RAT) sold on dark web markets and forums used by cybercriminals. Because it costs $20 for a lifetime membership, it attracts all sorts of hackers and promotes the propagation of harmful payloads. In addition, the fact that BitRAT can be used in a range of activities, including phishing attacks, trojanized software, and watering hole attacks, makes it much more difficult to block.

Although the hacker group responsible for the campaign is currently unknown, it is believed that they used SQL injection flaws to compromise the IT network of a Colombian cooperative bank. SQL injection is a typical method hackers use to trick a database into producing an error message so they can discover the layout of the database.

The exposed information includes, among other things, ID numbers (national resident identity), phone numbers, email addresses, customer names, income information, payment history, and addresses. There are no indications that the information has been posted on any forums. However, this does not mean that consumers should not worry. The threat actors could use the obtained data to carry out phishing attacks themselves.

The exfiltrated bank data file also has an embedded macro that downloads a second-stage DLL payload programmed to fetch and run BitRAT on the infected host. According to Qualys researcher Akshat Pradhan, the infected file downloads BitRAT embedded payloads from GitHub to the %temp% directory via the WinHTTP library. The GitHub repository, established in the middle of November 2022, stores encoded BitRAT loader samples, which are later decoded and launched to finish the infection chain.

It’s crucial for business owners to be aware of these types of threats. Businesses can take proactive measures to protect their systems and sensitive data. Training employees to recognize and avoid suspicious emails and links and ensuring all systems are kept up to date with the latest security patches are just a couple of ways business owners can reduce the risk of falling victim to cyber-attacks.
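
The download chain described above (an Office document that contacts GitHub and leaves a DLL in %temp%) can be hunted for in endpoint telemetry. The following is an added example, not code from Qualys or from the original article; the event fields, file names, and process IDs are constructed for illustration and only loosely follow Sysmon's event numbering.

```python
import ntpath
from collections import defaultdict

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe"}
CODE_HOSTS = ("github.com", "githubusercontent.com")
TEMP_DIR = "\\appdata\\local\\temp\\"  # default expansion of %temp%

# Constructed sample events (simplified Sysmon-style fields: 1 = process
# create, 3 = network connection, 11 = file create). Not campaign data.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
EVENTS = [
    {"id": 3, "pid": 4120, "image": EXCEL, "host": "raw.githubusercontent.com"},
    {"id": 11, "pid": 4120, "image": EXCEL,
     "target": r"C:\Users\ana\AppData\Local\Temp\stage2-sample.dll"},
    {"id": 1, "pid": 5288, "ppid": 4120, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\ana\AppData\Local\Temp\stage2-sample.dll,ExampleExport"},
    {"id": 3, "pid": 900, "image": r"C:\Program Files\Git\cmd\git.exe", "host": "github.com"},
    {"id": 11, "pid": 7001, "image": EXCEL,
     "target": r"C:\Users\ana\AppData\Local\Temp\~DF3A.tmp"},
]

def on_code_host(host):
    """True for the listed hosts and their subdomains, not for lookalikes."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in CODE_HOSTS)

def office_download_chains(events):
    """Per Office process: code-host connection plus a DLL/EXE written to Temp."""
    seen = defaultdict(lambda: {"hosts": set(), "drops": set(), "launched": set()})
    for ev in events:
        is_office = ntpath.basename(ev["image"]).lower() in OFFICE
        if ev["id"] == 3 and is_office and on_code_host(ev["host"]):
            seen[ev["pid"]]["hosts"].add(ev["host"].lower())
        elif ev["id"] == 11 and is_office:
            target = ev["target"].lower()
            if TEMP_DIR in target and target.endswith((".dll", ".exe")):
                seen[ev["pid"]]["drops"].add(target)
        elif ev["id"] == 1 and ev.get("ppid") in seen:
            parent = seen[ev["ppid"]]
            parent["launched"] |= {d for d in parent["drops"] if d in ev["cmdline"].lower()}
    # Alert only when both halves of the chain were seen for the same process.
    return [{"pid": pid, "hosts": sorted(s["hosts"]), "drops": sorted(s["drops"]),
             "launched": sorted(s["launched"])}
            for pid, s in seen.items() if s["hosts"] and s["drops"]]
```

Requiring both the connection and the executable drop from the same Office process keeps ordinary Excel temp files and developer Git traffic out of the results.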
“Mass Logger,” a new keylogger on the market, has the potential to become extremely dangerous for businesses and individuals. Keyloggers are a type of malware, usually found within phishing campaigns, that store all information you type into your computer. These malicious programs can lead to many of your passwords becoming compromised.

Why Is This Keylogger So Dangerous?

Mass Logger is different from other keyloggers. The developer of Mass Logger frequently updates it to help it remain undetected by automated antivirus solutions. Furthermore, support from the developer allows other cybercriminals to assist with and make requests for the malware. Cofense Intelligence has already identified a phishing campaign hiding Mass Logger. Emails loaded with GuLoader, a popular malware delivery mechanism that downloads encrypted payloads hosted on legitimate file-sharing platforms, are also being used to deliver Mass Logger.

A New Kind of Keylogger

Additions and features, such as the ability to spread itself through USB ports, set Mass Logger apart from other keyloggers. Mass Logger is also able to search for specific file extensions and exfiltrate them. These “features,” and the keylogger's continued support from its developer, could see Mass Logger being adopted by a large portion of cybercriminals.

Defending Yourself from Mass Logger

Defending yourself from malware is a tiresome but necessary task when online. Ensure that you are watching out for suspicious emails from unknown senders. Never open attachments from people you are unfamiliar with or do not know. Merely opening an infected attachment is all malicious programs need to begin infecting your system. Ensure that you trust the sites you are downloading programs from and that they are reputable.

If you are worried about your company and want your employees to understand the importance of practicing cybersecurity daily, call Hammett Technologies. We are certified experts and will ensure your business runs at top speed without cutting corners on cybersecurity.
It should not come as much of a surprise to anyone that criminals are using COVID-19 as a jumping-off point for new scam call campaigns and phishing email attacks. These attacks have become so prevalent that the CDC has released a statement and some helpful tips on how to make sure your sensitive information stays safe.

Phone Scams

There are many apps and websites that allow people to disguise their phone number and identity. Phone scammers are using these apps and websites to make it appear as if their phone call is originating from within the CDC. Either through direct conversation or by leaving a voicemail, these scammers attempt to have you reveal sensitive information about yourself (credit card information, social security, etc.). These kinds of acts are considered “impersonation fraud” but are challenging to track down and pursue due to how they originate.

To keep yourself safe, avoid picking up the phone when you do not recognize the number. If you do happen to pick up, do not reveal any sensitive information over the phone to someone you do not know, regardless of who they claim to be affiliated with. If you find yourself on the phone with someone you suspect to be a scammer, hang up on them immediately, block the number they called from, and report them to the Federal Communications Commission (FCC).

Phishing Attacks

Phishing emails are malicious emails created by cybercriminals in an attempt to steal your sensitive information. Phishing attacks have always been around, but with COVID-19, cybercriminals have a convincing means of scaring and persuading some people to either give out confidential information or give access to their machine by clicking malicious links. Phishing emails, similar to the scam phone calls, are disguising themselves as emails sent from the CDC. These emails contain attachments regarding infection-prevention measures. These attachments are usually embedded with viruses that can steal your information and track your online browsing.

Protecting yourself from phishing attacks is simple but must be continuously practiced when online. Here are a few safety tips:

- Never open emails from someone you do not know.
- Be careful when obtaining information regarding COVID-19 from third parties. Go directly to the government website for official updates and safety tips.
- If links are embedded within the email, hover over them before clicking on them to see where they will take you.
- If the email comes from someone you do not know, do not open attachments.
- Never provide sensitive information over email, to anyone.

Staying Safe, Online and Offline

Coronavirus has caused Americans many issues regarding work and general health safety. Unfortunately, people out there have sought to take advantage of this situation and cause more havoc. We hope that this information finds you and your data safe and well during these trying times. If you have any questions or concerns, give us a call! We are happy to assist!
Another example of how someone will attempt to trick you into giving out your personal information! Please make sure you are always paying attention when going through your email. If an email appears sketchy, it most likely is! Most of the time, the biggest giveaway is the sender's email address! The email address “accounts@office365.micros0ft.tech” should stand out as a red flag. Upon closer inspection you will notice that the “O” in Microsoft is in fact a “0” (zero). Once you notice something like this, mark the email as spam and move along!

Remember to always be on the lookout! If possible, get in contact with the company that the email appears to be from! This will help you gain peace of mind, as well as notify the company of a possible issue!
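
The zero-for-"o" swap above is easy to miss by eye, so mail filters usually check for it automatically. The following is an added example, not part of the original post; it generalizes beyond the one address shown to near-miss spellings and to brand names placed under unrelated domains, and the brand list, the folding table, and the 0.85 similarity threshold are assumptions.

```python
import difflib

# Assumptions for this example: the brands to protect and their real sending domains.
BRANDS = {"microsoft": {"microsoft.com", "office365.com"}, "paypal": {"paypal.com"}}
# Digit-for-letter swaps often seen in lookalike domains ("0" for "o", "1" for "l", ...).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def check_sender(address):
    """Return the reasons, if any, that a sender's domain looks like brand impersonation."""
    domain = address.rsplit("@", 1)[-1].lower().strip(". ")
    labels = domain.split(".")
    registered = ".".join(labels[-2:])  # naive: ignores suffixes such as co.uk
    findings = []
    for brand, legit in BRANDS.items():
        if registered in legit:
            continue  # genuinely sent from the brand's own domain
        for label in labels:
            folded = label.translate(FOLD)
            if label == brand:
                findings.append(f"'{brand}' appears under unrelated domain {registered}")
            elif folded == brand:
                findings.append(f"'{label}' reads as '{brand}' after digit-for-letter folding")
            elif difflib.SequenceMatcher(None, folded, brand).ratio() >= 0.85:
                findings.append(f"'{label}' is a near-miss spelling of '{brand}'")
    return findings

if __name__ == "__main__":
    for sender in ("accounts@office365.micros0ft.tech",  # address quoted in the post
                   "billing@microsoft.com",               # constructed
                   "support@mircosoft.com"):              # constructed
        print(sender, "->", check_sender(sender) or "no findings")
```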