Expert Advice On Cybercriminals Using Trump COVID-19 Illness To Spread Malware

Cybersecurity researchers at Proofpoint have observed cybercriminals launching a wave of email attacks, actively using US President Trump’s recent COVID-19 illness as a lure to try and trick users into clicking on a malicious document and downloading infected software.

These attacks follow recent attempts by another cybercriminal group, who last week sent tens of thousands of malicious email attacks asking recipients to volunteer for the Democratic Party ahead of the November U.S. election, as a lure to trick users into installing the Emotet malware.

Expert Comments

October 08, 2020
Sherrod DeGrippo
Senior Director, Threat Research and Detection
Proofpoint
This campaign attempted to spread unknown malware via BazaLoader, a first stage downloader initially observed earlier this year. Proofpoint researchers have previously observed BazaLoader being distributed in high volume email campaigns by a threat actor that is primarily known to distribute TrickBot. From a mitigation standpoint we recommend organizations use a secure email gateway, that features an effective antimalware program, to help ensure these types of threats don’t make it to users’ inboxes. A strong user education program that reinforces the risks posed by links and attachments is also encouraged.