Researchers at ProofPoint have identified a new phishing campaign that is using the positive COVID-19 test of the President of the United States as a lure in the email. The email is being used to spread the BazarLoader trojan, which has been linked to the TrickBot gang. The email claims to have insider information about the health of President Trump but requires the victim to download a document to get the information. Once the victim attempts to download the document, a fake Google Doc message is displayed which states that Google scanned the document and it is not malicious. When clicking the link, the BazarLoader executable is downloaded instead of a Microsoft Word document. Once installed, BazarLoader allows the threat actors to have remote access to the computer of the victim and use it to compromise the rest of the network. In the end, it was seen that the Ryuk ransomware was being deployed on the infected network. This breach of one computer ultimately turns into a breach of the entire network allowing the threat actor to deploy ransomware.
12 Essentials for a Successful SOC Partnership
Binary Defense
January 12, 2023
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security
