Security News

A new phishing campaign is targeting U.S. taxpayers with documents that purport to contain tax-related content, but ultimately deliver NetWire and Remcos malware - two prolific remote access trojans which allows attackers to take control of victims' machines through a new phishing email scheme, Cybereason discovered. The new infection process is designed to evade antivirus tools and tricks targets into installing the malware via a tax-themed Word Document containing a malicious macro that downloads an OpenVPN client on the targeted machine.

US taxpayers are being targeted by phishing attacks attempting to take over their computers using malware and steal sensitive personal and financial information. "The potential for damage is serious and the malware allows threat actors to gain full control over a victim's machine and steal sensitive information from users or their employers."

A sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants and financial departments across numerous industries. The threat actors are leveraging phishing kits and a number of sophisticated methods at every step of the attack.

Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device. Cybersecurity firms commonly use headless devices or virtual machines to determine if a website is used for phishing.

The TA800 threat group is distributing a malware loader, which researchers call NimzaLoader, via ongoing, highly-targeted spear-phishing emails. The malware loader is unique in that it is written in the Nim programming language.

The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development. Since December 2020, the US Department of Justice seized four other domains used by fraudsters for various nefarious purposes, including fraud, phishing attacks, and/or infecting targets' computers with malware.

A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims. The GandCrab ransomware operation started in January 2018 when it quickly became a malware empire threatening businesses worldwide.

Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims' companies.

The Financial Industry Regulatory Authority has issued an alert to warn brokerage firms of a phishing campaign that is currently ongoing. A not-for-profit organization, FINRA is U.S. government-authorized and overseen by the Securities and Exchange Commission.

Vaccine deployment has encountered bumps in the road as many people are still uncertain over when, where and how to get their shots. Pointing to one example, Check Point said it recently discovered a malicious website impersonating the U.S. Centers for Disease Control and Prevention and promising vaccine information.