2 mails with different gz attachment contain the same chm file. This downloads and launches the malware. Stolen data is exfiltrated thanks to the FTP of a Bosnian company.
Covid-19 and unemployment lures for phishing in United States. Inky cybersecurity experts discovered a mail and a site that impersonates the U.S. federal government
Covid-19 emergency has been used by cybercrime actors to spread a new phishing campaign in United States, with emails purporting to be from government agencies. The lures are fake offers of federal assistance, especially for unemployment. It has been discovered by Inky cybersecurity experts. The link in the message directs the victims to a hijacked domain that impersonates the U.S. federal government. In the first page, users have to digit their name and date of birth. In the second, the SSN Number, Driver License, Address with Zip and State, an email, phone number, and nformation about previous employer or business. Once the process has been completed, the last page communicates that users are adviced than an operator would cointact them as soon as possible.
Bleeping Computer: Another phishing attemp against American users exploits a fake page of the Unemployment Insurance Relief program. In every case the goal is to steal PII and sensitive data
According Bleeping Computer, another Covid-19 phishing mail directs the victim to a fake U.S. Unemployment Insurance Relief program page. Then, user is requested to digit username and password. After getting the data, the victim is redirected to the genuine page. In every case, the objective is to steal Personally identifiable information (PII) and sensitive data. The coronavirus lure, moreover, is used in many different campaigns wordlwide, still active.