Security experts have discovered a mass malware distribution campaign that uses popular U.S. political personalities, including President Donald Trump and Hillary Clinton, as themes for a series of ransomware, screen lockers, RATs, and other malicious applications.
Researchers from security firm Talos stated that the malware authors are motivated by their political beliefs, which show up in the malware they distribute in different forms. The attackers are believed to have developed the malware to infect victims with ransomware and to implant backdoors in organizational networks, with political motivation behind both.
“Some of the applications are designed to coerce victims into paying ransom demands, while others could be used to gain backdoor access to systems and provide attackers the ability to operate within organizational networks. In many cases, it is clear that the authors of these applications were motivated by their political beliefs, which were reflected in the software that they created,” Talos said in a statement.
How the Malware Infects
The attackers deliver the malware via malspam email campaigns with fake content related to banking fraud alerts and a malicious attachment (a compressed archive) containing RTF files. Once opened, the RTF documents retrieve a malicious PE32 executable from an attacker-controlled server and download it onto the victim’s device.
“Research into these campaigns originally began with a malspam campaign that attempted to deliver malware to victims. The emails associated with this campaign purport to be related to banking fraud and are made to appear as if they were sent by the director of Global Risk for credit card company Visa. Compressed archives are attached to these emails containing RTF files. The RTF files contain information related to fraud prevention,” Talos stated.
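The delivery chain described above (compressed archive, RTF inside, RTF pulls a PE32 executable) is the part a mail gateway or SOC analyst can check for before a user ever opens the attachment. The following Python script is an added triage example, not Talos's tooling or anything from the campaign itself: it unpacks a zip attachment in memory, identifies RTF members by content rather than extension, and flags RTF files that embed OLE objects (`\object`, `\objdata`, `\objupdate`, `\objautlink`), whose `\objdata` hex payload carries a PE (`MZ`) marker, or that link to a file with an executable extension. The sample archive, both RTF files and the `example.invalid` URL are constructed placeholders, not indicators from the campaign.

```python
import io
import re
import zipfile

# Constructed sample attachments (placeholders, not real campaign artifacts).
BENIGN_RTF = rb"{\rtf1\ansi Fraud prevention tips: never share your card PIN.\par}"
SUSPICIOUS_RTF = (
    rb"{\rtf1\ansi Fraud alert: review the attached record.\par"
    rb"{\object\objemb\objupdate{\*\objclass Package}"
    rb"{\*\objdata 0105000002000000 4d5a9000 03000000 ffff0000}}"
    rb'{\field{\*\fldinst HYPERLINK "http://example.invalid/update.exe"}{\fldrslt link}}'
    rb"}"
)

# RTF control words that introduce embedded or auto-updating OLE objects.
OBJECT_WORDS = (b"\\object", b"\\objdata", b"\\objupdate", b"\\objautlink")
# Hex blob following \*\objdata (whitespace is permitted inside RTF hex data).
OBJDATA_RE = re.compile(rb"\\\*\\objdata\s*([0-9A-Fa-f\s]+)")
URL_RE = re.compile(rb"https?://[^\s\"'}{]+", re.IGNORECASE)
EXEC_EXT = (".exe", ".scr", ".dll", ".pif", ".com")


def build_archive(files):
    """Return the bytes of an in-memory zip holding {name: content} members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


def extract_rtf_members(zip_bytes, max_size=5_000_000):
    """Return {name: content} for RTF members of a zip, ignoring oversized entries."""
    members = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > max_size:
                continue
            data = zf.read(info)
            # Identify RTF by its magic, not by the attacker-chosen extension.
            if data.lstrip().startswith(b"{\\rtf"):
                members[info.filename] = data
    return members


def analyze_rtf(data):
    """Return a list of human-readable findings for one RTF document."""
    findings = []
    present = [w.decode() for w in OBJECT_WORDS if w in data]
    if present:
        findings.append("embedded OLE object: " + ", ".join(present))
    for match in OBJDATA_RE.finditer(data):
        hexstr = re.sub(rb"\s+", b"", match.group(1))
        try:
            blob = bytes.fromhex(hexstr.decode("ascii"))
        except ValueError:
            findings.append("objdata with malformed hex")
            continue
        # Heuristic: a DOS/PE header inside the object data means a dropped executable.
        if b"MZ" in blob:
            findings.append("objdata contains PE (MZ) marker")
    for url in URL_RE.findall(data):
        text = url.decode("latin-1")
        if text.lower().endswith(EXEC_EXT):
            findings.append("link to executable: " + text)
    return findings


def triage_attachment(zip_bytes):
    """Map each RTF member of the attachment to its findings (empty list = clean)."""
    return {name: analyze_rtf(data) for name, data in extract_rtf_members(zip_bytes).items()}


if __name__ == "__main__":
    sample = build_archive({"notes.rtf": BENIGN_RTF, "fraud_alert.rtf": SUSPICIOUS_RTF})
    for name, findings in triage_attachment(sample).items():
        print(name, "->", findings or "clean")
```

A zero-finding result only means none of these RTF-level heuristics fired; the script is a first-pass filter for quarantine decisions and should sit in front of detonation in a sandbox, not replace it.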
In similar news, researchers from Kaspersky revealed an ongoing Android malware campaign dubbed ViceLeaker that has been active since 2016. According to the researchers, a hacker group has been targeting Israeli citizens and other Middle Eastern countries with surveillance malware named Triout.
The malware is designed to steal sensitive information, including call recordings, text messages, photos, videos, and location data, without the user’s knowledge. Apart from its spying features, the malware also has backdoor capabilities, including uploading, downloading and deleting files, recording surrounding audio, taking over the camera, and making calls or sending messages to specific numbers, according to the researchers.