Black Lives Matter is the latest hook bad actors are using to persuade people to open email attachments containing malware, according to Bitdefender’s telemetry.
Criminals use any new massive event to accelerate the spread of various malware campaigns. Proof of that, as if any further evidence were needed, is the COVID-19 pandemic. Bad actors have used it as a cover to send emails that seemed to originate from official sources with the single purpose of infecting as many computers as possible.
The latest trend in spreading malware is piggybacking on the Black Lives Matter protests underway right now in the United States that have captured the attention of the entire planet. Spam emails with malware attachments have been floating around for a few weeks now.
Most of the messages in the emails intercepted by Bitdefender are not all that complex. They only have a single phrase that might differ slightly: Vote anonymous about “Black Lives Matter”, Let us know your opinion anonymous about “Whose Lives Matter”, Give YOUR Feedback confidentially about “Black Lives Matter”, Give your opinion anon about “Whose Lives Matter”, and similar variations. You can check out one of the samples at VirusTotal.
Such spam and malware campaigns are not all that original. Most of the time, the only thing that changes is the message in the email, with the malware file remaining the same, no matter the campaign. In this case, the attached files carry an embedded Trojan: a tainted document that uses the macro functionality in Microsoft Office.
When a user opens the attachment, a number of commands are executed, allowing a script to download a dropper, which installs the malware. Once the Trojan is installed, it communicates back to the command and control center, allowing a remote attacker to take over.
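For mail administrators, the two traits described above (the lure wording and an Office attachment that can carry macros) can be combined into a simple triage check. The sketch below is an added example, not Bitdefender's detection logic; the regular expression is generalized from the phrases quoted in this article, and the function names, the sample message, and the rule of quarantining only when both traits are present are assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure wording generalized from the phrase variations quoted in the article.
LURE_RE = re.compile(
    r"\b(vote|opinion|feedback)\b.{0,40}\b(anon(ymous)?|confidentially)\b"
    r".{0,20}\b(black|whose)\s+lives\s+matter\b", re.I | re.S)
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def has_macro_container(data: bytes) -> bool:
    """Legacy OLE2 file (assumed macro-capable) or OOXML zip with vbaProject.bin."""
    if data.startswith(OLE2_MAGIC):
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> dict:
    """Flag a message that pairs the lure wording with a macro-capable attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (msg["subject"] or "") + "\n" + (body.get_content() if body else "")
    lure = bool(LURE_RE.search(text))
    macro_files = [p.get_filename() for p in msg.iter_attachments()
                   if has_macro_container(p.get_payload(decode=True) or b"")]
    return {"lure": lure, "macro_attachments": macro_files,
            "quarantine": lure and bool(macro_files)}

def build_sample(body: str, macro: bool) -> bytes:
    """Constructed message; the attachment is an inert zip, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if macro:
            z.writestr("word/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Survey", "a@example.com", "b@example.com"
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream",
                       filename="form.docm" if macro else "form.docx")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample('Vote anonymous about "Black Lives Matter"', True)))
```

Because the article notes that only the message text changes between campaigns, the attachment check is the more durable half of this rule; the lure pattern needs updating for each new theme.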
As usual, users are advised never to open emails or attachments from unknown sources and to use a security solution on their devices, whether it’s a laptop, a PC or a phone.