Aussie and South Korean Citizens Targeted in Phishing Campaign

Researchers at Bitdefender Antispam Lab have spotted a phishing campaign that has been targeting users since the beginning of May, timed to reach victims as they prepare for their tax deadline. 98.34% of the attacks appear to have originated from IP addresses in Bangladesh, with 76.08% of targeted users in South Korea, 17% in Australia, and 1% in the US. The subject line of the emails usually refers to “Account Legers for 2020-2021”, and the message carries an attachment that the recipient is encouraged to open. The attachment is malicious and has been downloading Remote Access Trojans (RATs) onto victims’ computers. A RAT can be used for several things, including gaining administrative-level access to a computer; if it is paired with a keylogger, threat actors can steal credentials and gain access to numerous accounts, including bank accounts. The threat actors can also use the RAT as a gateway to other malware such as ransomware, potentially encrypting the files on the machine once they are done with it and holding them for ransom.

Analyst Notes

Tax season has always been a common time for threat actors to target people with lures pertaining to filing taxes. Since the United States deadline to file taxes has passed, it is likely threat actors will focus on targeting other countries such as South Korea, whose deadline to file is May 31st. Caution should be used when opening attachments or clicking links in emails from unknown senders. Unless the sender of the email can be verified, it is best practice to disregard any emails that could be malicious. If the email arrives at a company email address, it should be looked at by someone in IT or security before it is opened, to determine whether it has any malicious capabilities.

https://hotforsecurity.bitdefender.com/blog/threat-actors-target-south-korean-and-aussie-users-with-malicious-emails-disguised-as-accounting-ledgers-25835.html?web_view=true