BEWARE OF BANK SMS FOR COVID-19 PAYMENT

Due to the ongoing crisis all over the world , bad actors are constantly updating their phishing techniques to take the advantage of the scenario . Over the past three months, spammers everywhere are using the pandemic to spread phishing, scams and malware. Considering banks as a biggest source to fulfill their needs , this time the bad actors have seen to launch their campaigns in this sector . Researchers from MalwareHunterTeam , PhishLabz , Fire eye and PhishLabz have identified some of these campaigns delivering malicious email contents and text messages to the customers . They come across a campaign named “COVID-19 relief” which they operate in the name of “COVID-19 payment” . Their main targets are the users businessman and corporate worker based in US , Canada and Australia . This screenshot displays a fraud email sent to the citizens of Canada saying that your payment was approved by Canada’s Prime Minister , Justin Trudeau, and they claim the recipient can receive a check for 2,500 Canadian dollars if they fill out a form . The form which this email redirects to is a phishing page to steal your credentials .

Another campaign carrying out in the name of Canadian bank is observed . The given link http://s4-update0{dot}.com/3/ in the screenshot redirects the user to a website asking for bank credentials .

phishing smsCOVID19 phishing sms — **COVID19 phishing sms**

This screenshot is also an example of phishing targeting Canadian banks . By clicking the link, victims are led to emergencycanadaresponse.xyz and asked to choose their bank, as well as enter their account information.

But some hackers use some more brain and do social engineering to take the advantage in other way and lauched their trojan into the victim’ system. Coming back to Zeus Sphinix which almost made its presence in the market after three years , this trojan help the bad actors to do some fun with people in this crowdy season. In Sphinx’s case, the email tells victims that they need to fill out an attached form to receive monetary compensation for having to stay at home to help fight increasing infection rates . As soon as , the doc reaches to the end user , it asks the user to enable some macro which obviously indicates some wrong injections to your system . As soon as you enable the malicious macros desired by the document , the illegitimate script behind the document will start its deployment in your system , often using legitimate, hijacked Windows processes that will fetch a malware downloader that will communicate with C&C to launch the relevant malware for your system . After the malware gets embedded in your system , it then calls on its C&C server to fetch relevant web injections when infected users land on a targeted page and uses them to modify the pages users are browsing to include social engineering content and trick them into divulging personal information and authentication codes.

Sphinx signs the malicious code using a digital certificate that validates it, making it easier for it to stay under the radar of common antivirus (AV) tools when injected to the browser processes. In the following example, that file is named “Byfehi.”

Similar attacks phishing scams has also been observed in which the bad actors are targeting with the phishing emails titled “Internal Guidance for Businesses Grant and loans in response to respond to COVID-19 ”. The files attached to these emails lead to a fake message from the US Small Business Administration, which takes victims to a phishing page designed to harvest Microsoft account credentials.

HOW TO PROTECT FROM THESE ATTACKS ?

Government authorities of various countries are continuously keeping their citizens updated with the news attacks but it is important for people not only to understand but also implement these points :

Do not visit to any malicious or suspicious website that you might think is wrong .
Always see the flags when you visit any URL i.e. do not enter any sensitive information to the flag set by your browser as “not secure“.
Keep your list of validated users in your system updated . Remove unwater validators .
If found any suspicious URL , use virus total or any other antivirus tool to check it .

RSU

RSU is security researcher who is constantly working to make world a secure place to live. He is working day and night in Cyber Security area.

BEWARE OF BANK SMS FOR COVID-19 PAYMENT

HOW TO PROTECT FROM THESE ATTACKS ?

Dual Vulnerabilities in Microsoft SharePoint Server: Essential Steps to Mitigate Vulnerabilities

Exploiting the High-Risk Vulnerabilities in Secure Boot of Most Linux Devices on the Planet

Hackers’ New Target is containerized environments through vulnerabilities in runC

Hacking Android, Linux, macOS, iOS, Windows Devices via Bluetooth using a single vulnerability

Hacking Windows 10 and 11 with DLL Search Order Hijacking without administrator rights

Healthcare Hack Horror: Cyberattacks Leave French Hospitals in Chaos for $10 Million

Hacking the Unhackable: The Story of How CISA Was Breached

The Cloudflare Hack: A Hacker, 5000 Credentials, and Operation Code Red

Hijacked Data:LockBit Ransomware Gang Targets Aerospace Giant Boeing

Timeless Targets: After Casio, Seiko Group hacked again by Ransomware gang

Unlocked Doors: The Inside Story of Casio’s Global Data Breach!

Largest soft drink bottle supplier, recycle and plastic manufacturers hacked by ransomware

Google Gemini Under Fire: Critical Security Vulnerabilities You Need to Know to hack Gemini

Cracking SCCM Wide Open: Pentesting System Center Configuration Manager with Misconfiguration Manager

Hacking Windows 10 and 11 with DLL Search Order Hijacking without administrator rights

Hacking SSH Connections by exploiting SSH Protocol Vulnerabilities: Different Terrapin Attack Vectors

Understanding Latest DHCP DNS Vulnerabilities and How DHCP Exploits work in Active Directory

Hacking Bluetooth via MiTM: The BLUFFS Bluetooth attack to hack into Millions of Devices

6 Steps to File Anonymous SEC Complaints Against Data Breachers & Force Them to Pay Fines or Take Action

Inside the Exploit: How Your ChatGPT’s Uploaded Files Could Be Stolen by Prompt Injection Vulnerability

This Google Calendar technique allows to hack into companies without getting detected

This telegram bot is like ChatGPT for scammers to steal money from victims easily

How easy is to bomb someone mobile phone with thousands of SMS messages?

This new DDoS attack prevention technique has a 99% accuracy rate

How to secure Cisco Firepower Threat Defense (FTD) firewalls ?

How to use AWS SSM agent as backdoor and hack into EC2 instances?

New tool FraudGPT allows scamming and easy hacking of victims using AI

The Dark Side of PDFs: How Opening a Simple PDF Could Unleash a Cybersecurity Nightmare

Largest soft drink bottle supplier, recycle and plastic manufacturers hacked by ransomware

Visited thesaurus.com in search for Synonyms? You have Coinminer malware infection

How to send malware via Teams, even “Safe Attachments” or “Safe Links” can’t protect you

2 Big Cloud hosting companies shutdown by ransomware and lose all customer data