It is no secret that US President Donald Trump was infected with the coronavirus and had to spend some time in the hospital, and this has made global headlines.
A broad range of people within the political scene are interested in learning what is going on with his health.
Given that, it is not surprising that cybercriminals are capitalizing on a situation that piques the interest of so many.
They already have an email campaign spamming people about Donald Trump’s hospitalization and return to the White House. This email campaign contains a malicious link that offers more information regarding his health. If you are curious enough, you might end up opening it.
The most common subject lines they use include, but are not limited to:
“Recent materials pertaining to the president’s illness”, “Newest information about the president’s condition”, and “Newest info pertaining to President’s illness”.
The email body mostly reads as follows:
What we really know and even what we don’t about Trump’s COVID health problems.
Insider information about Trump’s health condition, please remember to use the code because the record is encrypted: 123 [LINK]
The curious user who clicks on the link would normally be directed to a Google Doc.
Lo and behold, the document contains another link to a malicious webpage, where the malware can download and run itself. It is quite deceptive, since an online scanner would make you think the file is safe.
A very sneaky strategy indeed.
It makes you curious and then gives you a false sense of security that the Google Doc is safe, which lowers your defenses and leads you to open the malicious link. With the file coming from a trusted domain like docs.google.com, email and security software are unlikely to block it.
If the user is thirsty for news or insider scoops, they might even share it with their friends, and the end result would be a catastrophe.
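Because the link host alone will not trip a filter, a mail-triage rule has to combine it with the lure wording quoted above. The following is an added example, not code from the original article: the regular expressions are built from the subject lines and body text shown on this page, while the two-signal threshold, the `example.invalid` senders and the document ID are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Lure wording taken from the subject lines and body text quoted on this page.
SUBJECT_RE = re.compile(r"president.{0,20}(illness|condition)", re.I)
BODY_RE = re.compile(r"insider information|record is encrypted", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Hosting domain named in the article; reputation filters tend to trust it.
TRUSTED_HOSTS = {"docs.google.com"}

def triage(raw_message: str) -> dict:
    """Score one RFC 5322 message; the threshold is an illustrative assumption."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    # Collect every text part so multipart mail is covered as well.
    body = "\n".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
    reasons = []
    if SUBJECT_RE.search(subject):
        reasons.append("subject matches president-health lure")
    if BODY_RE.search(body):
        reasons.append("body uses 'encrypted record' bait")
    if hosts & TRUSTED_HOSTS:
        reasons.append("link points at a trusted document host")
    # Any single signal is weak (shared documents are normal); the lure is the combination.
    return {"hosts": sorted(h for h in hosts if h), "reasons": reasons,
            "quarantine": len(reasons) >= 2}

# Constructed sample messages (not captured from the campaign).
LURE = """From: news@example.invalid
Subject: Newest information about the president's condition

Insider information about Trump's health condition, please remember to
use the code because the record is encrypted: 123
https://docs.google.com/document/d/CONSTRUCTED-ID/view
"""
BENIGN = """From: colleague@example.invalid
Subject: Meeting notes

Notes are here: https://docs.google.com/document/d/CONSTRUCTED-ID/edit
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(raw))
```

The benign message shares the same link host but is not quarantined, which is why the rule scores the wording and the host together instead of blocking the domain.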
A backdoor trojan dubbed BazarLoader would jump into your computer once you open the link.
If BazarLoader (sometimes called BazaLoader) infects your PC, it could lead to multiple infections. The attackers can steal information, and they might even use an exploit to exfiltrate data and possibly deploy ransomware, which would make you pay a hefty price.
The group that developed the malware has used similar tactics in the past with different lures, such as emails about customer complaints, COVID-19-themed payroll reports, and employee termination lists, all with links to documents on Google Docs.
If the fake news is juicy enough, it may succeed in infecting a lot of people, so the campaign may simply be revamped to fit whatever interesting story they can capitalize on next. That may well happen in the coming months.
Better to get your news from trusted news outlets than from unsolicited email. It may sound interesting, but it is definitely dangerous. Just as your parents told you not to open the door to strangers, the same applies to emails.