The US has indicted two Chinese hackers with strong links to the Chinese state-backed hacking group, APT10. The Department of Justice alleges that Zhang Shilong and Zhu Hua have stolen "hundreds of gigabytes" of private data from more than 45 government organizations and other important US-based businesses.

Researchers for EdgeWave discovered the campaign and quickly realized that the end-goal was to trick unsuspecting Amazon customers into downloading the dangerous Emotet banking Trojan. Victims receive a standardized Amazon Order Confirmation form, containing an order number, payment summary, and an estimated delivery date. These are all fake, but the spammers rely on the fact many people order multiple packages from the shopping giant and won't pay attention.

The emails, however, have one difference. They do not display the items that are being shipped. Instead, the scammers direct the victim to hit the Order Details button. The Order Details button downloads a malicious Word document named order_details.doc. You can see the differences in the image above. Also note the misaligned Amazon Recommendation and Amazon Account links in the email.

When the victim opens the document, Word shows the user a Security Warning, advising that "some active content has been disabled." If the user clicks through this warning, a macro triggers that executes a PowerShell command. The command downloads and installs the Emotet Trojan.
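A defender-side illustration of the chain described above (a Word macro launching PowerShell), added here and not part of the original article or EdgeWave's research: it flags process-creation events in which an Office application starts a script host. Field names follow Sysmon process-creation events (ParentImage, Image, CommandLine, Computer); the sample events, host names and hint list are constructed assumptions.

```python
import ntpath

# Office applications that should not normally start a script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Heuristic command-line fragments of a download-and-run one-liner (assumed list).
DOWNLOAD_HINTS = ("-enc", "downloadfile", "downloadstring", "invoke-webrequest",
                  "net.webclient", "http://", "https://")

def basename(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path or "").lower()

def score_event(event):
    """Return (severity, reasons) for one process-creation event."""
    parent, child = basename(event.get("ParentImage")), basename(event.get("Image"))
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return "none", []
    reasons = [f"{parent} spawned {child}"]
    cmd = (event.get("CommandLine") or "").lower()
    hits = [h for h in DOWNLOAD_HINTS if h in cmd]
    if hits:
        reasons.append("download/encoded indicators: " + ", ".join(hits))
    return ("high" if hits else "medium"), reasons

def triage(events):
    """Return alerts for suspicious events, keeping input order."""
    alerts = []
    for ev in events:
        severity, reasons = score_event(ev)
        if severity != "none":
            alerts.append({"host": ev.get("Computer"), "severity": severity,
                           "reasons": reasons})
    return alerts

# Constructed sample events (not captured from the campaign).
OFFICE = r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS-00", "ParentImage": r"C:\Windows\explorer.exe", "Image": OFFICE,
     "CommandLine": r'WINWORD.EXE /n "C:\Users\a\Downloads\order_details.doc"'},
    {"Computer": "WS-01", "ParentImage": OFFICE, "Image": PS,
     "CommandLine": "powershell.exe -NoP -W Hidden -Enc PLACEHOLDER"},
    {"Computer": "WS-02", "ParentImage": OFFICE, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c ver"},
    {"Computer": "WS-03", "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```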