Since the start of coronavirus disease (COVID-19) pandemic hackers and cyber scammers are trying to take advantage of the outbreak for their own purposes. One of the recent examples is a phishing campaign discovered by researchers at Proofpoint that uses President Donald Trump’s illness from COVID-19 as a bait to trick users into installing malware.
The researchers say they have spotted an active, “medium volume” email campaign targeting hundreds U.S. and Canadian organizations. The goal of the campaign is to deliver the BazaLoader backdoor onto users’ computers. The BazaLoader backdoor is believed to be the work of the developers behind TrickBot malware. The backdoor serves as a tool kit for hackers to gain access to an enterprise’s network.
The messages contain subject lines like “Recent materials pertaining to the president’s illness” and a hyperlink to an attached document. When clicked, the hyperlink points victims to a malicious Excel spreadsheet which can download the BazaLoader malware. Proofpoint researchers did not say what threat actor may be involved in this campaign.
The BazaLoader backdoor was first discovered in April 2020. At the time, researchers said that the malware poses a significant threat to corporate networks, as it can be used to stealthily deploy ransomware or conduct other attacks.