Cybersecurity researchers at Proofpoint have observed cybercriminals launching a wave of email attacks that use U.S. President Trump’s recent COVID-19 illness as a lure to trick users into clicking on a malicious document and downloading infected software.
These attacks follow recent attempts by another cybercriminal group, which last week sent tens of thousands of malicious emails asking recipients to volunteer for the Democratic Party ahead of the November U.S. election, a lure meant to trick users into installing the Emotet malware.
This campaign attempted to spread unknown malware via BazaLoader, a first-stage downloader initially observed earlier this year. Proofpoint researchers have previously observed BazaLoader being distributed in high-volume email campaigns by a threat actor that is primarily known to distribute TrickBot.
From a mitigation standpoint, we recommend organizations use a secure email gateway that features an effective antimalware program to help ensure these types of threats don’t make it to users’ inboxes. A strong user education program that reinforces the risks posed by links and attachments is also encouraged.