Opportunistic hackers have seized on President Donald Trump’s illness from COVID-19 to fool email recipients into clicking on malware, researchers found, in what was a quick turnaround from the news that dominated the weekend and beyond.
Proofpoint said it had detected an active, “medium volume” email campaign on Wednesday sent to several hundred U.S. and Canadian organizations. The messages are designed to bamboozle victims into downloading the BazaLoader backdoor, a kind of trojan commonly linked to the developers of the TrickBot hacking tool.
Scammers frequently seize on major news events to try duping victims into providing access to their sensitive data. The apparent TrickBot gang email campaign comes less than a week after Proofpoint highlighted another that swiped Democratic National Committee website language in a bid to infect potential party volunteers.
In this case, emails contain subject lines like “Recent materials pertaining to the president’s illness.” The body of the messages contain a hyperlink to an attached document. Clicking on it takes victims to a malicious Excel spreadsheet which can download BazaLoader, Proofpoint said.
BazaLoader, which first surfaced in April, is designed to take over corporate networks. Proofpoint said attribution for the campaign wasn’t currently available.
It’s also not the first time hackers have exploited the coronavirus pandemic.
“This is the latest example of threat actors using current news to attract viewer attention,” Proofpoint said.