OpenBCM V1.07b11 (WIN32)

Packet Radio Mailbox

DBO595

[LAU JN59RM]

 Login: GAST

HB1PMS > TECH     04.02.20 10:02l 97 Lines 4356 Bytes #999 (0) @ WW
BID : 924HB1PMS
Read: GAST
Subj: Emotet Gang Attempts to Infect Japanese Targets wi
Path: DBO595<DBX320<FRB024<BBS645<NL3TD<NL3PRC<GY1BBS<HB1BBS
Sent: 200203/1526Z 6855@HB1BBS.ZL.NLD.EU BPQ6.0.19

Van: HB1PMS@HB1BBS.ZL.NLD.EU

Emotet Gang Attempts to Infect Japanese Targets with the Scare of 
Coronavirus

January 31, 2020 | Identity Theft, Fraud, Scams 

The emails are disguised to look as if they were sent on behalf of disability 
welfare service providers and public health centers.
The scam has been observed in various prefectures in Japan, including 
Gifu, Osaka, and Tottori.
Researchers noted notorious spam email activity camouflaged as official 
notifications related to coronavirus.

What happened?

A group of researchers reported a malspam campaign disguised as 
notifications to provide more details on preventive measures against 
coronavirus infections, which is currently an epidemic in China.

The emails are disguised to look as if they were sent on behalf of disability 
welfare service providers and public health centers to gain the confidence of 
the readers.
The attackers were, in fact, distributing Emotet payloads via attachments in 
the emails.
The attachments promise to provide preventive measures against coronavirus 
infections for Japanese citizens.
The scam has been observed in various prefectures in Japan, including 
Gifu, Osaka, and Tottori.
Earlier, the Emotet gang rode on the back of similar trending events: it 
targeted people with custom holiday lures for Christmas and Halloween, and 
used fake invites to a Greta Thunberg demonstration to lure targets.

How does the coronavirus spam mail work?

Reports from the infosec community suggest that the malspam campaign used 
stolen emails (as a template) from previously compromised accounts to 
attempt and infect the recipients. Some experts indicated that "Japanese in 
the subject and file names are strange" and that makes the emails look more 
sophisticated in comparison with other Emotet distribution attempts.

The IBM X-Force Threat Intelligence team noted that, "The subject of the 
emails, as well as the document filenames, are similar, but not identical... 
they are composed of different representations of the current date and the 
Japanese word for 'notification', in order to suggest urgency."

Some of the email samples also had the address of the institution that 
supposedly sent the coronavirus infection notification for added 
authenticity in the footer.

Objectives of Emotet attacks

Usually relying on spam emails, Emotet actors attempt to trick their 
prospective recipients into opening email attachments, which, when opened, 
result in the download and installation of the malware.

Users normally see the attachment as a standard Emotet malspam Office 365 
document template that asks them to "Enable Content" to properly view the 
full document.
Doing this enables the macros feature in Microsoft Office which allows the 
Emotet payload to get installed on the victim's device using a PowerShell 
command.
Then, spam messages sent from the infected system carry the infection to 
other systems, where further malware strains such as the Trickbot trojan, 
known for delivering ransomware, are dropped.
Ultimately, attackers look to harvest user credentials, browser history, and 
other critical documents.
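The infection chain described above (lure document, "Enable Content", macro, 
PowerShell) leaves a characteristic process-creation trace: an Office 
application spawning a script host. The following detection check is an added 
example, not part of the forwarded article; the event records and their 
JSON field names are constructed in a Sysmon-like shape and are assumptions.

```python
# Added example: flag process-creation events in which a Microsoft Office
# application spawns PowerShell or another script host, the hand-off the
# article describes for Emotet's macro-based payload download.
# The event lines and field names (ParentImage, Image, UtcTime) below are
# constructed samples, not data from the article.
import json
from typing import Iterable

# Office applications whose macro feature the lure documents abuse.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Child processes that indicate a macro handed off to a script host.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def image_name(path: str) -> str:
    """Return the lower-cased executable name from a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_office_to_script_host(event: dict) -> bool:
    """True when an Office process spawned a script host (macro -> PowerShell)."""
    parent = image_name(event.get("ParentImage", ""))
    child = image_name(event.get("Image", ""))
    return parent in OFFICE_PARENTS and child in SCRIPT_HOSTS


def flag_events(lines: Iterable[str]) -> list[dict]:
    """Parse JSON event lines; return those matching the Office -> script-host chain."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the whole scan
        if is_office_to_script_host(event):
            hits.append(event)
    return hits


# Constructed samples: a benign Word launch, a Word -> PowerShell hand-off of
# the kind a macro-enabled lure produces, and PowerShell started from cmd.exe.
SAMPLE_EVENTS = r"""
{"UtcTime":"2020-02-03 10:02:11","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"UtcTime":"2020-02-03 10:02:40","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"UtcTime":"2020-02-03 10:05:02","ParentImage":"C:\\Windows\\System32\\cmd.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
"""

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_EVENTS.splitlines()):
        print("ALERT Office -> script host:", hit["UtcTime"],
              image_name(hit["ParentImage"]), "->", image_name(hit["Image"]))
```

Only the second sample is flagged; the cmd.exe-launched PowerShell is left 
alone, which keeps the rule focused on the macro hand-off rather than on 
PowerShell use in general.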

73 Henk.

======================================================================
  _    _ ____  __ ____  ____   _____ 
 | |  | |  _ \/_ |  _ \|  _ \ / ____|  SYS: Henk (hb1nos@hb1bbs.com)
 | |__| | |_) || | |_) | |_) | (___    QTH: Ouwerkerk - JO11XO
 |  __  |  _ < | |  _ <|  _ < \___ \   BBS: HB1BBS.ZLD.NLD.EU
 | |  | | |_) || | |_) | |_) |____) |  QRV: 27.235 MHz (FM 1200bps)
 |_|  |_|____/ |_|____/|____/|_____/   WEB: www.hb1bbs.com

======================================================================

** Host of BPQ Netrom/Node NLDHUB::NL9HUB 85.214.163.10 UDP 93  

======================================================================
** This message is generated with Sally 7.2.033
----------------------------------------------------------------------
** Timed maandag 03 februari 2020  16:22 West-Europa (standaardtijd)
** BBS HB1PMS@HB1BBS.ZL.NLD.EU