Malicious Campaign Resurfaces as it Targets French-Speaking Employees; Symantec
According to security company Symantec, a cybercriminal campaign has re-emerged that combines socially engineered phone calls with personalized spear-phishing e-mails carrying malicious software to steal money from organizations, targeting French speakers in particular.
The distinctive attack, which Symantec originally identified in August last year (2013), began in May 2013 and has been nicknamed "Francophoned."
In the attack, the criminals send a spear-phishing e-mail that appears to contain an invoice to a particular employee of a multinational firm.
The attackers then phone the recipient and instruct him or her to finish processing the invoice. In reality, the invoice is a malware sample that helps the criminals gain access to the organization's computer network.
In October 2013, Symantec's security researchers found a fresh attack. From October 2013 to January 2014, the same social-engineering tactics were used along with the same malware sample, named Blackshade or Shadesrat.
However, the criminals used newly hijacked domains to support their malware. In addition, taking a more aggressive approach, they started phoning the victims and duping them into viewing the malware-laced e-mail.
Then, in February 2014, the researchers noticed some important changes. The criminals replaced the payload with a new variant of Trojan.Rokamal. They also began using newly hijacked domains to deliver Rokamal.
And while they continued to use the original CnC servers, the switch to a new malware sample raised the total number of infections.
Rokamal's capabilities include downloading and running malicious files; stealing data; creating backdoors that help criminals access infected PCs; executing DDoS (distributed denial-of-service) attacks; and mining cryptocurrencies.
Organizations targeted by the Francophoned campaigns belonged to various sectors, including research, education, manufacturing, government, medical, energy, marketing, automotive, law, financial and construction. Of these, the most attacked sectors were research, government and education, which accounted for 62% of all businesses the campaign affected, according to Symantec.
In conclusion, Symantec urges end users to handle suspicious e-mails carefully and to avoid following dubious web links or viewing dubious attachments. Moreover, they should confirm an individual's identity when receiving any phone call of a commercial nature.
» SPAMfighter News - 07-05-2014