Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Fake Scandal Video Serves Malware

Stu Sjouwerman | Jan 7, 2021

Fake Scandal Video MalwareResearchers at Trustwave warn that a phishing campaign is attempting to deliver malware via a file for a fake scandal video with 'Trump' included in the title. The file is a Java Archive (JAR) that will install the Qnode remote access Trojan.

Interestingly, the content of the phishing email itself had nothing to do with that filename, and instead tried to rope the target into an investment scam. The researchers believe the scammers are simply trying to capitalize on the recent US elections with the Trump-related filename. Still, Trustwave says the malware aspect of the campaign was effective:

  • “To increase the chances of this threat being executed by the email recipient, the attachment name was based on a prominent figure, and a GUI indicating that the malicious JAR is a tool used in penetration testing.
  • “To evade detection, the malicious code of the downloader was split-up into different buffers inside the JAR. Also, the string “qnodejs” which can distinguish the files related to this threat was not used anymore.
  • “To challenge the existing remediations of this threat, the names of the other files it created and downloaded were changed and they are put into different locations, not inside the Node.Js installation folder.
  • “To deliver the final payload into the system, the infection chain was modified – the JAR directly downloads the payload.”

The researchers conclude that this campaign would probably only fool the most gullible of victim, although it could easily be made more convincing with some simple improvements. And in any case most of us suffer episodes of extraordinary gullibility.

“While the attachment payload has some improvements over previous versions, the email campaign itself was rather amateurish, and we believe that the chance this threat will be delivered successfully is higher if only the email was more sophisticated,” they write. “The spamming out of malicious JAR files, which often lead to RATs such as this, is quite common. Email administrators should be looking to take a hard line against inbound JARs and block them in their email security gateways.”

Technical defenses won’t stop every threat, however. New-school security awareness training can teach your employees to avoid falling for clickbait and to never download untrusted files.

Trustwave has the story.

Topics: Phishing Malware

Discover Your Organization’s Phish-prone™ Percentage

Ninety-one percent of data breaches begin with spear phishing. Launch our Free Phishing Security Test for up to 100 users to uncover your team's vulnerability and see how your security posture stacks up against industry benchmarks.

Get Your Free Phishing Security Test

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

Stu Sjouwerman

ABOUT STU SJOUWERMAN

Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

Read more from Stu »

Subscribe the KnowBe4 Blog

Posts By Topic

View All