Cybercriminals are preying on users’ fear of militant attacks in their efforts to infect companies with malware, according to IT security firm Symantec.
The company highlighted email campaigns by a single gang that target organisations in the United Arab Emirates (UAE), Bahrain, Turkey and Canada, and which display an unusual degree of sophistication.
The emails claim to contain information that can help the user avoid potential attacks by militants in their area, Symantec said.
They pose as an alert from a local official security force and are signed with the names of real law-enforcement officials to add credibility.
All the officials named in the emails are currently in office, and the emails in most cases name a specific recipient employed by the target company, Symantec said.
“All these details show that the crooks did some research before sending these phishing emails,” wrote Symantec’s Lionel Payet in the advisory. He noted that the emails aren’t, however, written entirely in the countries’ respective official languages.
The messages, initially spotted in Dubai and posing as information from the Dubai Police Force, are sent either to a specific individual or to entry points such as customer service representatives or IT department personnel, Symantec said.
They contain a non-malicious PDF that acts as a decoy file and another attachment, an archive that contains the malware in a .jar file.
“The cybercriminals behind this campaign are using a multiplatform remote access Trojan (RAT) called Jsocket (detected as Backdoor.Sockrat),” Payet wrote. “This RAT is a new product from the creators of the AlienSpy RAT, which was discontinued earlier this year.”
He said companies in the energy, defence, finance, government, marketing and IT sectors have been targeted.
“We may yet see more of these kinds of social engineering tactics preying on real-world fears,” Payet wrote.
Symantec said users can protect themselves by keeping their security software up to date, and by avoiding opening suspicious attachments or providing personal information in emails or web pop-up screens.
Are you a security pro? Try our quiz!
State media reports the Iranian regime has lifted the ban on WhatsApp and Google Play,…
Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…
Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…
Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…
Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…
Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal