On Friday, several of our users received phishing emails that contained PDF attachments, and reported these emails through Reporter. The PDF attachment is a slight deviation from the typical zip-with-exe or zip-with-scr; however, it’s still delivering malware to the user. [Read more...]
It’s about the time of year when people should be receiving tax refunds from the IRS, which gives attackers a great opportunity to craft phishing emails. PhishMe users recently reported a round of phishing emails purporting to be from the IRS about tax refunds:
The results are in… and we have a winner! After much deliberation among our panel, we’re pleased to announce Gareth Stanyon as our 2nd Annual Phish Throwdown winner. Gareth’s email “Corporate Information Security Breach” addressed a recipient who supposedly violated company policy regarding social media use. To respond to the allegations, the email directs the recipient to click on a link. The email is personalized with the recipient’s name, organization, and department.
Using tiny URLs to redirect users to phishing and malware domains is nothing new, but just because it’s a common delivery tactic doesn’t mean that attackers aren’t using it to deliver new malware samples. We recently received a report of a phishing email from one of our users here at PhishMe that employed a shortened google URL, and led to some surprising malware.
Through the power of user reporting, we received the report, discovered the malicious nature of the shortened URL, and reported the issue to Google – all within a span of 30 minutes. Google reacted quickly and took the link down shortly after our report. [Read more...]
We had a lot of fun with our Black Hat email contest last summer, but this year, it’s time to get personal. No, we’re not talking about chatting over dinner and a movie. We’re talking about a contest that takes off the gloves and brings the best recipe for a highly personalized spear phishing email. [Read more...]
While we have previously mentioned cyber-crime actors using Dropbox for malware delivery, threat actors are now using the popular file-sharing services to target nation-states. According to The Register, attackers targeted a Taiwanese government agency using a RAT known as PlugX (also known as Sogu or Korplug).
From an anti-forensics perspective, PlugX is a very interesting piece of malware. One of the main ways it loads is by using a technique similar to load order hijacking. [Read more...]
When analyzing tools, tactics, and procedures for different malware campaigns, we normally don’t see huge changes on the attackers’ part. However, in the Dropbox campaign we have been following, not only have the attackers shifted to a new delivery domain, but they have started to use a new malware strain, previously undocumented by the industry, named “Dyre”. This new strain not only bypasses the SSL mechanism of the browser, but attempts to steal bank credentials. [Read more...]
On Monday, I wrote about attackers using phishing attacks to deliver malware via links to Dropbox. Today, we received another wave of these emails with slightly different subject lines. Figures 1, 2, and 3 show the variants that were received by us in the latest campaign, and reported by our internal users. In this campaign, 10 of our users were targeted. [Read more...]
Several weeks ago, I wrote a blog entry about phishing emails using zip files with executable files attached to them. Using PhishMe Reporter, several of our users (yes, we use our own tools internally) successfully identified a new round of phishing, this time using Dropbox links in the body. [Read more...]