Security researchers have discovered a new email attack campaign that exploits public interest in the recent Ebola virus outbreak to infect users with a banking trojan.
The attackers in question have created an email template designed to spoof a World Health Organization (WHO) missive on Ebola, which contains links to three ‘factsheets’ on how to prevent the deadly virus, according to Proofpoint.
Clicking on one of those links will take the user to a landing page mimicking a genuine WHO Ebola factsheet, which is “almost indistinguishable from the original,” the vendor said in a blog post.
“When the page loads, it requests permission to run a Java applet that will attempt to load a variant of the popular Zeus banking Trojan on the user’s machine,” Proofpoint stated.
“Even with a security warning and suspicious hosting location (wsh3ll.bplaced[.]net), it’s not surprising that some users will click.”
Once the potential victim has downloaded Zeus, it will install itself and work as a typical banking trojan, although it also displays some RAT-like characteristics.
A fortnight ago, Symantec reported three malware operations and a phishing campaign using Ebola as a social engineering theme.
The phishing campaign in question spoofs a CNN ‘breaking news’ email promising information on which regions are affected by Ebola and how to avoid infection with the virus.
Clicking on any links in the email will take the user to a web page where they are asked to select an email provider and input their user log-ins. These are then sent to the phisher, while the unwitting user is redirected to a real CNN page.