If there’s one thing 2022 has proven, it’s that it’s not just your grandparents’ computers you need to worry about. In the age of malware hosted on Discord and NFTs, there are more threats than ever coming for your digital data. It’s easy to forget that something as simple as phishing emails still exists and is causing major problems for people’s safety.
Several websites are reporting an increase in phishing emails trying to install malware on unsuspecting PCs. According to The Register, malicious actors are using compromised Microsoft Exchange servers to send spam emails. Attached to the emails is an encrypted file, usually a .zip, carrying the malware known as IcedID.
The .zip file usually comes with a password to unzip the file. In emails, this is presented as a layer of security to help the victim feel more at ease. Instead, entering the password will allow IcedID to be installed immediately on the computer.
This malware provides a backdoor that other criminals can use for their own installations. This access is often sold to another party who wants to install ransomware on the machine.
Intezer further explains that these emails are so convincing because of thread hijacking. The emails that contain malware are often presented as replies to a previously stolen email, making them appear more valid and less random. Intezer also digs a little deeper into how this new attack campaign works, which is worth a look for anyone interested in the details of how your computer can be attacked.
So far, it seems the emails use fairly consistent language, asking about an unprocessed payment for a recent contract. It’s all purposefully vague, which should raise red flags for many. The details of this contract are supposedly in the malicious attachment, which you would need to unlock using the code provided. We recommend not doing so, and perhaps getting all of your passwords under control while you’re at it.
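For mail administrators, the lure described above (a reply-style message carrying an encrypted .zip with the password in the body) can be flagged at the gateway. The following is an added example, not code from the article or from Intezer; the function names and the password regex are assumptions, and the sample message is constructed, with a harmless archive that only has its encryption flag set.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed heuristic for "the password is ..." wording in the body; tune per mail flow.
PASSWORD_HINT = re.compile(r"\b(?:password|passcode)\b\s*(?:is|[:=])\s*\S+", re.I)

def encrypted_zip_members(data: bytes) -> list[str]:
    """Names of ZIP entries whose general-purpose flag bit 0 (encrypted) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def triage(raw: bytes) -> dict:
    """Flag the lure pattern: reply-style mail, encrypted ZIP, password in the body."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    locked = []
    for part in msg.iter_attachments():
        locked += encrypted_zip_members(part.get_payload(decode=True) or b"")
    subject = str(msg["Subject"] or "")
    result = {
        "encrypted_zip": bool(locked),
        "password_in_body": bool(PASSWORD_HINT.search(text)),
        "looks_like_reply": bool(msg["In-Reply-To"]) or subject.lower().startswith("re:"),
    }
    result["quarantine"] = result["encrypted_zip"] and result["password_in_body"]
    return result

def constructed_sample(encrypted: bool = True) -> bytes:
    """Constructed test message; the ZIP holds harmless text, only the flag is set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("contract.txt", "placeholder")
    z = bytearray(buf.getvalue())
    if encrypted:
        z[6] |= 1                              # flag bit 0 in the local file header
        z[z.find(b"PK\x01\x02") + 8] |= 1      # same bit in the central directory
    m = EmailMessage()
    m["Subject"] = "Re: contract"
    m["In-Reply-To"] = "<constructed-id@example.com>"
    m.set_content("Details of the unprocessed payment are attached. Password: 1234")
    m.add_attachment(bytes(z), maintype="application", subtype="zip", filename="doc.zip")
    return m.as_bytes()
```

Because a scanner cannot look inside the locked archive, the check keys on the combination of signals rather than on the payload; the reply indicator is reported separately since legitimate threads carry it too.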
As always, downloading something, especially in compressed form from an email, is risky business. But when it appears that this email comes from a known source, it’s understandable that people are being taken by surprise. This is just another reminder to always be vigilant against cyber attacks.