[SCAM OF THE WEEK] Phishing Attack Warns About Boeing 737 Max Crashes And Infects Workstations



 


Large airline crashes tend to uniquely focus almost everyone's attention. Lowlife internet criminals are exploiting the fear connected to these incidents and leveraging it in phishing attacks.

A new campaign is underway that uses the recent Boeing 737 Max crashes as a way to infect workstations with both remote access and info-stealing Trojans. This new campaign was discovered by 360 Threat Intelligence Center, which posted about it on Twitter and included a VirusTotal link that shows the AV engines that catch it.


These emails pretend to be from a private intelligence analyst who found a leaked document on the dark web. This document pretends to contain information about which other airline companies will be affected by similar crashes soon, and the email asks recipients, in broken English, to "kindly notify your loved ones about the informations on these file".

The emails come from the address info@isgec.com and have subject lines similar to "Fwd: Airlines plane crash Boeing 737 Max 8". They also carry a JAR file as an attachment, with names similar to MP4_142019.jar. Here is a screenshot:

[Screenshot: the 737 Max phishing email]

BleepingComputer confirmed that both the H-Worm RAT and the Adwind info-stealing Trojan were installed.

I suggest you send this reminder to your users. Feel free to edit, copy/paste:

"Airplane Crash Scam Warning. Be on the lookout for emails in your inbox from "analysts" about the recent Boeing 737 Max airplane crashes, asking you to notify your loved ones about possible other airlines "that will go down soon". These emails come with infected attachments that might make it through the filters, either at the office or at your house. Remember to always be alert about email with unknown attachments, and never open an attachment unless you are expecting it from the sender and have confirmed that they have actually sent it to you."

Let's stay safe out there.

Warm regards,
Stu Sjouwerman
Founder and CEO,
KnowBe4, Inc


