Kaspersky Lab has warned of a surge in sophisticated malware mailings targeting organizations in various countries, including Russia.
The attackers' goal is to insert themselves into corporate correspondence and, by replying within it, convince users to download the malware to their computers.
This is how attackers try to gain access to users’ devices. According to Kaspersky Lab data, from February to March 2022, the number of such emails grew 10 times, increasing from about 3,000 to 30,000. Malicious emails arrive in various languages, including English, German, French, Italian, Polish, Hungarian, Norwegian, and Slovenian.
One of the schemes that experts have recorded looks like this: in a thread of existing correspondence, users receive an email that contains an attachment or a link, often leading to some popular cloud service for storing files. The purpose of the email is to convince recipients either to follow the link, download the zipped document and open it using the password provided in the text, or to open the attachment. To do this, attackers usually write that the document contains important data that the recipient requested long ago: for example, a payment form or a commercial offer.
As soon as the victim opens the archive, the Trojan contained in it downloads and launches the Qbot dynamic library. In a number of cases, malicious documents were downloaded by the Emotet Trojan.
Once on a computer, the malware can steal user credentials, spy on company activities, spread over the network, install encryption programs on other PCs, and gain access to emails, which attackers can then use to organize further malicious mailings.
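A mail-filter heuristic for the password-protected archive variant of the scheme described above, as an added example that is not from Kaspersky Lab: it flags a message only when it sits in an existing thread, delivers an archive (attached or via a file-sharing link) and gives a password in the body. The host list, the password keywords and all sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: placeholder file-sharing host; replace with services your users see.
FILE_SHARE_HOSTS = {"files.example"}
ARCHIVE_EXT = (".zip", ".7z", ".rar")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Password hint in a few of the listed languages (illustrative, not exhaustive).
PASSWORD_RE = re.compile(
    r"\b(password|passwort|mot de passe|has[lł]o|jelsz[oó])\b\s*[:=]?\s*\S+", re.I)

def check_message(raw):
    """Return (suspicious, signals) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    signals = {"in_thread": bool(msg.get("In-Reply-To") or msg.get("References")),
               "archive_attached": False, "share_link": False,
               "password_in_body": False}
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(ARCHIVE_EXT):
            signals["archive_attached"] = True
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            text = data.decode(part.get_content_charset() or "utf-8", "replace")
            hosts = {urlparse(u).hostname for u in URL_RE.findall(text)}
            signals["share_link"] |= bool(hosts & FILE_SHARE_HOSTS)
            signals["password_in_body"] |= bool(PASSWORD_RE.search(text))
    delivery = signals["archive_attached"] or signals["share_link"]
    return signals["in_thread"] and delivery and signals["password_in_body"], signals

# Constructed sample messages (not taken from the campaign).
HIJACK = ("From: partner@supplier.example\nSubject: Re: Invoice for March\n"
          "In-Reply-To: <abc123@corp.example>\nContent-Type: text/plain\n\n"
          "Here is the payment form you requested:\n"
          "https://files.example/d/offer.zip\nPassword: 7431\n")
ATTACH = ("From: a@supplier.example\nSubject: RE: offer\n"
          "References: <1@corp.example>\nMIME-Version: 1.0\n"
          "Content-Type: multipart/mixed; boundary=B\n\n"
          "--B\nContent-Type: text/plain\n\nSee attached, password: 5512\n"
          "--B\nContent-Type: application/zip\n"
          "Content-Disposition: attachment; filename=\"doc.zip\"\n\nUEsDBA==\n--B--\n")
BENIGN = ("From: colleague@corp.example\nSubject: Re: Q1 slides\n"
          "In-Reply-To: <def456@corp.example>\nContent-Type: text/plain\n\n"
          "The slides are at https://files.example/s/q1 as discussed.\n")

if __name__ == "__main__":
    for label, raw in (("HIJACK", HIJACK), ("ATTACH", ATTACH), ("BENIGN", BENIGN)):
        print(label, check_message(raw))
```

A match is a reason to quarantine the message for review, not proof of compromise, since legitimate senders also share password-protected archives in replies.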