No, the government isn't fining you for a traffic offense — it's malware

News
By
published

New malware campaign observed targeting oil and gas companies

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
(Image credit: weerapatkiatdumrong / Getty Images)

No, your company’s vehicle wasn’t involved in a car crash, and you’re not getting a five-figure fine for it from the government - it’s all an elaborate scheme to get you to install information-stealing malware on your computer, experts have warned.

Cybersecurity researchers from the Cofense Intelligence Team recently published a new blog in which they detailed a new phishing campaign that reaches its targets “at an alarming rate”. 

In this campaign, the attackers are deploying a creative lure, and pairing it with multiple cloak-and-dagger methods to bypass email protection solutions. Furthermore, they are impersonating the Federal Bureau of Transportation to scare the victims into downloading and running the attachment.

Open redirects and impersonation

In the campaign, the unnamed attackers tell their victims that a company car was involved in an accident. The victims are mostly in the Oil and Gas sector, although Cofense isn’t sure exactly why. They speculate that the attackers could pivot to other industries rather fast, and will probably do that soon.

The phishing email comes with an embedded link that abuses open redirects, a vulnerability that allows an attacker to use a legitimate website as a stepping stone towards the malicious one. In this campaign, Google Maps and Google Images are being leveraged. The embedded link then redirects to a URL shortener, which then opens a site that hosts a PDF file.

This file is seemingly from the Federal Bureau of Transportation, and mentions a possible fine of $30,000 for the incident. It also comes with a clickable image, which triggers the download of a .ZIP file which hosts the Rhadamanthys Stealer. As soon as the file is run, it establishes a connection to the command and control (C2) server, and grabs the victim’s login credentials, cryptocurrency wallet data, and other sensitive files. 

As usual, the best way to defend against these attacks is to use common sense and think twice before downloading and running email attachments.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.