A phishing campaign is using Black Lives Matter-themed phishing lures to trick people into installing malware, Yahoo reports. Adam Levin from Cyberscout told Yahoo that the phishing emails contain the subject line, “Vote anonymous about ‘Black Lives Matter.’” The email body states, “Leave a review confidentially about ‘Black Lives Matter.’ Claim in attached file.”
The attached file is a Microsoft Word document titled, “e-vote_form_3438.” If the user opens this document, they’ll see a slide telling them to click “Enable Editing” and then “Enable Content” in order to view the content. If these buttons are clicked, the document will be allowed to run a macro that will trigger the malware’s installation process. This is an extremely common tactic, but many people still fall for it.
Levin says the final payload in this campaign is TrickBot. TrickBot is a notorious and versatile commodity banking Trojan that’s used by both criminals and some nation-state actors due to its effectiveness. In addition to stealing passwords and financial information, TrickBot can spread to other computers and download additional malware such as ransomware.
Yahoo notes that since cybercrime is such a profitable industry, these attacks won’t be slowing down anytime soon.
“This particular TrickBot scam may be new, but malware scams are always rampant on the internet,” Yahoo says. “The statistics are staggering: by 2020, the global cost of malware attacks is expected to hit $6 trillion—yes, trillion—according to the cyber experts at Cybersecurity Ventures.”
Attackers always try to exploit hot-button issues and current events to trick people into making poor security decisions. As the US gets closer to its election in November, we can expect to see more scammers trying to take advantage of issues that people feel strongly about. New-school security awareness training can help your employees take a step back and think about what they’re doing, rather than impulsively clicking on a link or downloading a document.