Cybercriminals are preying on users’ fear of militant attacks in their efforts to infect companies with malware, according to IT security firm Symantec.
The company highlighted email campaigns by a single gang that target organisations in the United Arab Emirates (UAE), Bahrain, Turkey and Canada, and which display an unusual degree of sophistication.
The emails claim to contain information that can help the user avoid potential attacks by militants in their area, Symantec said.
They pose as an alert from a local official security force and are signed with the names of real law-enforcement officials to add credibility.
All the officials named in the emails are currently in office, and the emails in most cases name a specific recipient employed by the target company, Symantec said.
“All these details show that the crooks did some research before sending these phishing emails,” wrote Symantec’s Lionel Payet in the advisory. He noted that the emails aren’t, however, written entirely in the countries’ respective official languages.
The messages, initially spotted in Dubai and posing as information from the Dubai Police Force, are sent either to a specific individual or to entry points such as customer service representatives or IT department personnel, Symantec said.
They contain a non-malicious PDF that acts as a decoy file and another attachment, an archive that contains the malware in a .jar file.
“The cybercriminals behind this campaign are using a multiplatform remote access Trojan (RAT) called Jsocket (detected as Backdoor.Sockrat),” Payet wrote. “This RAT is a new product from the creators of the AlienSpy RAT, which was discontinued earlier this year.”
He said companies in the energy, defence, finance, government, marketing and IT sectors have been targeted.
“We may yet see more of these kinds of social engineering tactics preying on real-world fears,” Payet wrote.
Symantec said users can protect themselves by keeping their security software up to date, and by avoiding opening suspicious attachments or providing personal information in emails or web pop-up screens.
Are you a security pro? Try our quiz!
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…