Researchers at Proofpoint have identified a new phishing campaign that uses the positive COVID-19 test of the President of the United States as a lure. The emails spread the BazarLoader trojan, which has been linked to the TrickBot gang. Each email claims to contain insider information about President Trump's health but requires the victim to download a document to read it. When the victim attempts to download the document, a fake Google Docs message is displayed stating that Google scanned the document and that it is not malicious. Clicking the link downloads the BazarLoader executable instead of a Microsoft Word document. Once installed, BazarLoader gives the threat actors remote access to the victim's computer, which they use to compromise the rest of the network. In the end, Ryuk ransomware was seen being deployed on the infected network. The compromise of a single computer thus turns into a breach of the entire network, allowing the threat actor to deploy ransomware.
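The delivery step above depends on an executable arriving where a Word document was promised, which a mail or web gateway can test by content rather than by the link's wording. The following Python check is an added example, not code from Proofpoint or from this post; the function names, filenames and sample bytes are constructed for illustration.

```python
import os
import struct

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc container
ZIP_MAGIC = b"PK\x03\x04"                         # .docx / .docm (OOXML is a ZIP)
EXEC_EXTS = {".exe", ".scr", ".com", ".dll"}

def is_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def sniff(data: bytes) -> str:
    """Classify a download by its leading bytes, ignoring its name."""
    if is_pe(data):
        return "pe"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"

def check_download(filename: str, data: bytes) -> list[str]:
    """Findings for a file fetched from a link that was presented as a document."""
    findings = []
    kind = sniff(data)
    ext = os.path.splitext(filename.lower())[1]
    if kind == "pe":
        findings.append("content is a Windows executable, not a document")
    elif kind == "unknown":
        findings.append("content is not a recognised Word container")
    if ext in EXEC_EXTS:
        findings.append(f"executable extension {ext}")
    elif kind == "pe":
        findings.append(f"extension {ext or '(none)'} hides executable content")
    return findings

# Constructed samples (not real malware): a minimal PE header and a ZIP header.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
FAKE_DOCX = ZIP_MAGIC + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in [("Document.exe", FAKE_PE), ("Document.docx", FAKE_PE),
                       ("Document.docx", FAKE_DOCX)]:
        print(name, "->", check_download(name, blob) or "no findings")
```

A ZIP or OLE2 header only shows the file is a document container; macro or embedded-content inspection is a separate check.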