Cybercriminals are using Black Lives Matter emails to deploy malware
Ever since the custodial murder of George Floyd at the hands of Minneapolis Police Officer Derek Chauvin, the United States has been on the boil. Add to that yesterday’s cowardly killing of Rayshard Brooks by Atlanta Police Department officials. These two killings have brought much of America to a standstill, with protests happening in every nook and corner of US towns and cities. The African-American protection movement, Black Lives Matter, is back, and with it come new threat vectors. Black Lives Matter is such a hot subject today that even cybercriminals are latching on to it to infect users with malware.
According to a new report by Bitdefender, cybercriminals are sending emails by the tonne to possible targets with the subject line Black Lives Matter. The emails contain news stories about the killing of George Floyd or Rayshard Brooks and protest stories. But it is the attachment that matters. VirusTotal discovered that these BLM emails carry highly potent malware such as:
- VB: Trojan.VBA.Agent.BFO
- Script:SNH-gen [Trj]
- A Variant Of VBA/TrojanDownloader.Agent.TH
The emails have been flagged by different anti-virus software like Fortinet, Avast, F-Secure, etc. Bitdefender’s report suggests that there has been a massive spike in such emails after the Brooks killing. After the COVID-19 emails containing similar malware payloads, Black Lives Matter seems to be the current hot favorite among cyber crooks.
Bitdefender analyzed some of the messages these cybercriminals sent to victims. Most of them only have a single phrase which says something like: Vote anonymous about “Black Lives Matter”, Let us know your opinion anonymous about “Whose Lives Matter”, Give YOUR Feedback confidentially about “Black Lives Matter”, Give your opinion anon about “Whose Lives Matter”, and similar variations.
All such emails have an embedded Trojan that has the ability to steal your confidential information like banking passwords and email passwords, hijack your social media accounts and log your keystrokes on the keyboard. When a user opens the attachment, a number of commands are executed, allowing a script to download a dropper, which installs the malware. Once the Trojan is installed, it communicates back to the command and control center, allowing a remote attacker to take over.
If you receive any mail with the subject line Black Lives Matter, open it with extra vigilance as it could be one of the above spam emails containing malware.
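For mail administrators, the lure phrases and the VBA detection names above suggest a simple triage rule: quarantine a message when the lure wording appears together with an Office attachment that can hold macros. The following Python sketch is an added example, not code from Bitdefender or the campaign; the function names, the sample message and the assumption that the attachment is a macro-capable Office document (inferred from the VBA detection names) are illustrative.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

# Lure wording quoted in the article, folded into one case-insensitive pattern.
LURE = re.compile(
    r"(vote|let us know your opinion|give your (feedback|opinion))\s+"
    r"(anonymous|anon|confidentially)\s+about\s+"
    r"[\"“]?(black|whose) lives matter", re.I)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls (OLE2) container

def may_carry_vba(data: bytes) -> bool:
    """True if the attachment is an Office container that can hold VBA macros."""
    if data.startswith(OLE_MAGIC):
        return True  # assumption: treat every legacy OLE2 file as suspect in triage
    if data.startswith(b"PK"):  # OOXML is a zip; macros live in vbaProject.bin
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(raw: bytes) -> dict:
    """Flag a raw RFC 5322 message that pairs the lure text with a macro document."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['subject'] or ''}\n{body.get_content() if body else ''}"
    lure = bool(LURE.search(" ".join(text.split())))  # collapse wrapped lines
    macro_files = [p.get_filename() for p in msg.iter_attachments()
                   if may_carry_vba(p.get_payload(decode=True) or b"")]
    return {"lure": lure, "macro_attachments": macro_files,
            "quarantine": lure and bool(macro_files)}

def sample(body: str, with_macro: bool) -> bytes:
    """Constructed message: harmless zip attachment, optional dummy vbaProject.bin."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = "Black Lives Matter", "a@example.com", "b@example.com"
    m.set_content(body)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<doc/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="sample.docm")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample("Vote anonymous about “Black Lives Matter”", True)))
```

The rule deliberately requires both signals, so a legitimate newsletter that merely mentions Black Lives Matter in its subject line is not quarantined.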