Covid-19 has been a recurring theme in phishing campaigns and cyberattacks throughout the nearly two years of the pandemic, and cybercriminals have not yet exhausted the topic. In fact, a phishing campaign has been discovered that uses the Omicron variant as a lure to spread malware that steals bank data.
The discovery comes from researchers at Bitdefender Antispam Lab: an email that invokes Omicron tries to infect recipients with FormBook malware, known for stealing bank data to the detriment of its victims. The text of the email resembles a request to check information regarding a shipment, which is contained in an attached Proforma invoice. To grab the victim’s attention, the message cites new regulations that came into effect in response to the Omicron variant, without adding any other details. Here is an example of the text of these emails: “Attached you can find the Proforma invoice. Please note that the government has implemented new regulations to stem the spread of the OMICRON COVID-19 variant. Final documents will be sent after final confirmation of the information in attachment.”
The attachment actually contains GuLoader, a remote access Trojan best known for its ability to evade detection. Cybercriminals use it to deliver FormBook, a popular malware capable of stealing information from the victim, especially bank data. The campaign originated in Asia and quickly spread, affecting Europe as well.
Source: Ansa