We’ve said this before, and we’ll say this again. The cybercriminal community needs to understand the gravity of the situation before devising an attack method around the latest topical theme. Though anything they do is atrocious, this time they have become completely heartless and ignorant of the situation.
This isn’t the first time, though. A couple of months back, while the world was collectively suffering from the COVID-19 pandemic, a hacker group started spreading fake coronavirus-related phishing emails impersonating Donald Trump and White House members. In another report, 25,000 emails and passwords belonging to employees of global organizations researching coronavirus treatment, such as WHO, NIH and the Gates Foundation, got leaked.
But before returning to the evil scam running in the name of Black Lives Matter (BLM), we just want to take a moment to talk about this prestigious movement that will potentially be written down in our history books (that is, if we survive 2020). As mentioned on their Wikipedia page, BLM stands against systemic racism towards black people. A closer look at the outrageous events (documented since the 19th century, and before) that have led to this global phenomenon will support their just cause. We, at Hack Reports, stand in solidarity with our Black brothers and sisters around the world and are making our small contribution in helping their fight against injustice.
Black Lives Matter Scam: Phishing Emails Voting Campaign
Amidst the widespread ‘Black Lives Matter’ protests, a fraudulent email is dropping into American citizens’ inboxes asking them to vote on the issue. This phishing attack was first noticed by a cybersecurity firm, Abuse.
The said email appeared genuine at first glance, with an innocent subject line saying: Vote anonymous about “Black Lives Matter”
But the body text displays just a single line pointing the reader to the malicious attachment. The real threat is in this document, named ‘e-vote_form_3438.doc’, which opens up to a message saying:
To view this content, please click “Enable Editing” from the yellow bar and then click “Enable Content”
Seems legit, right? Well, as soon as the user clicks on the said buttons, the document launches into an automatic sequence to download and execute a malicious DLL (Dynamic Link Library) on the victim’s computer.
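The delivery pattern described above (a legacy .doc attachment that carries macros and asks the reader to click “Enable Content”) can be flagged at the mail gateway before anyone opens the file. The following is an added example, not code from the original report: the sample message is constructed from harmless bytes, and the function names, addresses and body text are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # header of legacy .doc/.xls files
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory name when macros exist
LURES = ("Enable Editing", "Enable Content")     # wording quoted in the article
MACRO_EXT = (".doc", ".xls", ".ppt", ".docm", ".xlsm")

def contains_text(blob: bytes, text: str) -> bool:
    """Word stores text as 8-bit or UTF-16LE, so check both encodings."""
    return text.encode("ascii") in blob or text.encode("utf-16-le") in blob

def triage_attachment(name: str, blob: bytes) -> list[str]:
    """Return the list of reasons an attachment deserves quarantine or review."""
    findings = []
    if name.lower().endswith(MACRO_EXT):
        findings.append("macro-capable extension")
    if blob.startswith(OLE_MAGIC):
        findings.append("OLE2 container")
        if VBA_MARKER in blob:
            findings.append("VBA project present")
    if any(contains_text(blob, lure) for lure in LURES):
        findings.append("enable-content lure text")
    return findings

def triage_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 5322 message and triage every attachment in it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): triage_attachment(part.get_filename(), part.get_content())
            for part in msg.iter_attachments()}

def build_sample() -> bytes:
    """Constructed sample: inert bytes that only imitate the markers."""
    fake_doc = (OLE_MAGIC + b"\x00" * 64 + VBA_MARKER + b"\x00" * 16
                + "please click Enable Content".encode("utf-16-le"))
    msg = EmailMessage()
    msg["Subject"] = 'Vote anonymous about "Black Lives Matter"'
    msg["From"] = "sender@example.test"      # placeholder address
    msg["To"] = "user@example.test"          # placeholder address
    msg.set_content("See attachment.")       # constructed body text
    msg.add_attachment(fake_doc, maintype="application", subtype="msword",
                       filename="e-vote_form_3438.doc")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, hits in triage_message(build_sample()).items():
        print(fname, "->", hits or "nothing flagged")
```

This byte scan only covers legacy OLE2 files; ZIP-based formats such as .docm compress their macro storage, so a real pipeline would hand attachments to a proper parser such as oletools.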
Black Lives Matter ‘TrickBot’ Attack
The above-mentioned DLL file is actually TrickBot malware, which has been infamously associated with banking cybercrimes in the past. It functions by spreading laterally across a network to literally steal files, saved credentials, cookies, security keys and more. It further downloads more modules and creates a channel to allow other attackers to install ransomware.
As is clear from its behavioural pattern, the TrickBot trojan should not be taken lightly. Once this infection digs in its claws, the victim will bear a devastating impact and lose valuable sensitive information. Anyone from a business, institution, banking sector or even a home user is at risk.
It is evident that this hacker (or group) is capitalizing on the Black Lives Matter movement as an excuse to gain the trust of helpful citizens. Like we said, this isn’t the first time or the last, so keep an eye out for such scams in the future.
Stay Updated, Stay Safe!