If you receive an email claiming to have a ”new message” from Facebook just delete it because the attachment contains Nivdort malware
This time, the campaign is targeted against the e-commerce related users of Facebook because mainly businesses and consumers have been attacked by utilizing social engineering skills and phishing tactics.
According to the research team at Comodo Threat Research Lab, this new malware appears in the form of an email citing that there is a new message for the recipient from Facebook. The sender’s name and email address also have been given the Facebook brand name, however, the email address has different domain names and none of them are related to Facebook in any way.
The email’s subject line is quite straightforward yet every user receives a different line. Some of which are as follows:
“A brief vocal e-mail was delivered; an audio announcement has been delivered!; an audible warning has been missed; you got a vocal memo!; you recently missed a short audible notice; and the German Ein Videohinweis wurde vermisst (which means “a video note was missed”).
The director of technology at Comodo Threat Research Lab Faith Orhan stated in his blog entry that:
“In this age of cyber-attacks, being exposed to phishing is a destiny for every company, well-known or not. It may not be the most groundbreaking attack method cyber-criminals use—but there’s no denying that cyber-criminals are becoming cleverer when crafting their messages.” “More frequently, they’re using well-known applications or social platforms and also action-oriented language in the subject lines to entice recipients to open the emails, click the links or attachments and spread the malware.”
In every email, the subject line ends with some series of random characters such as ‘Yqr’ or ‘sele,’ which would most likely pass as antispam byproducts. The malware is hidden in a .zip file attached in the email.
In this .zip file there is a .exe (or executable) file that contains a version of the Nivdort malware family.
It can be identified as a Trojan. Nivdort interferes with the internet network connections of the users and prevents them from accessing specific websites along with infecting the victim’s computer’s hard drive with an array of malicious files.
These files are later used to exploit the computer to install ransomware apps and several other remotely controllable malware.
Echoes from the past:
Earlier this month, WhatsApp users were also targeted with a similar campaign. It was more like a random phishing campaign in which the attackers sent fake emails to the users on WhatsApp.
The information was represented as official content sent by WhatsApp team. However, it actually was a malware distribution campaign. The malware was transferred as soon as the victims clicked on the message attached in the email.
It seems like the same team is behind the new malware campaign that is haunting Facebook currently.