The RAR attachment in the message contains an executable file: the malware itself. Stolen data is exfiltrated over SMTP.
Automated translators are one of cybercrime’s worst enemies, especially in phishing and malspam campaigns. To maximize dissemination, the email texts are translated into several languages, but without any checking, with disastrous and sometimes comic results.
When malspam scam campaigns are prepared, one of cybercrime’s worst enemies is not antivirus software or users, but online translators. This is revealed by the discoveries made in recent years by cyber security experts. The baits are often tempting and could lead the victim into the mistake of opening the malicious file or link. What just doesn’t work, however, are the messages. Cyber criminals try to attract as many “targets” as possible by changing the language of the text. However, in order not to waste time, they mainly use automatic translation tools and do not check the result. In many cases the result is incomprehensible, when it is not outright comical. There are also groups that create almost perfect traps, but they are the minority. Most campaigns suffer from extremely obvious grammatical and syntactical errors.
Cyber security experts: what is a vulnerability for cyber criminals can become a weapon for victims. By reading the messages carefully, in fact, many scams can be avoided.
According to cyber security experts, this superficiality is an important flaw of cybercrime and a weapon that victims can exploit instead. By reading malspam messages carefully, in fact, you can easily understand that it is a fraud and avoid the trap. There are also emails in which the recipient’s name is not specified in the text, which instead uses a generic “Dear Sir / Madame” or similar. This is an additional indicator that the message is a fake. At a time when marketing is extreme and offers are “tailored” to the supposed needs of the individual, no company would address the individual in a generic way. Moreover, there are cases in which even the opening (the “incipit”), thanks to automatic translators, becomes ridiculous. The researcher reecDeep has discovered, for example, a phishing attack with an alleged Amazon email, in which the sender greeted the recipient with a “Ciao” (incidentally, the only understandable word).
Photo Credits: reecDeep