Criminal are Now Posing As Security Companies to carry out Malware Scams via Email. Current, cybercriminals are now impersonating cybersecurity companies in other to try and lure victims into downloading compromising programs.
Malware Scams Email
An investigation carried out by Crowdstrike, one of the cybersecurity companies impersonated in the campaign, uncovered a “callback phishing” campaign in which threat actors would be getting to various companies through email, telling them that their endpoint would be compromising, and urging them to call the company back for more information on how to take out the treat.
The email also carries the phone number that the victims should call, and just as you might imagine, it actually does not belong to the actual company, but rather to the attackers.
Also, the email carries the phone number that the victims should call, and as you might just imagine, it does not belong to the actual company, but rather to the attackers.
Legitimate Software and Nefarious Goals
If the victim falls for the scam and eventually calls the number places in the email address, the person on the other end of the line would try to persuade them into downloading “common Legitimate remote administration tool (RATs),” and this would get them the access they need to target network. Furthermore, they would try and get the victim to install off-the-shelf penetration testing tools, which includes cobalt strike, to allow for lateral movement.
Following the successful breach and lateral movement, the attackers would look to deploy ransomware, although Crowdstrike actually could not say exactly which of the ransomware Variant they are making use of.
One reason why such campaign could actually be relatively successful is the fact that the emails is carrying no links, or attachments. As such, it remains possible for email security solutions, as well as antivirus programs, not to detect these emails as malicious, and release them to the target’s inbox.
What’s more, offering cyberattacks your mobile number also opening up an additional avenue for the attacks.
This is not exactly a new strategy. Cybercriminals have been making use of this approach for several months now, as email security systems grew even more sophisticated and even better at spotting malicious actors.
Around Black Friday 2021, scammers were found trying to impersonate several big brands like Amazon, Target, and Walmart, attempting to get victims to call them.