Hackers Sending Fake Ebola Virus reports in emails with Malware and Phishing Links

A new malicious campaign has been identified by security researchers spreading fake news about the Ebola virus, in order to redirect users to phishing websites and delivering Malware.

Symantec has reported three Malware operations and a phishing campaign using the Ebola virus as a social engineering theme.

1. The first phishing campaign shows that cybercriminals are taking advantage of devastating situation due to Ebola virus. The procedure followed by these criminals is that they send a simple email about a report on Ebola, once the user clicks on report, gets infected by Trojan.Zbot malware.

2. In the second phishing campaign, these cybercriminals are sending emails posing as world renowned telecom and ISP claiming to offer an in depth presentation on the Ebola virus. The email comes with a zip file named as “EBOLA – PRESENTATION.pdf.zip” that installs a dangerous Trojan.Blueso malware on computer.

An important point is that Trojan.Blueso malware also infects user’s browser with W32.Spyrat which can further perform following actions.

1. Recording key strokes (everything you type on your keyboards)
2. Recording from your webcams.
3. Open web pages without your permission
4. Capture screenshots of ongoing session
5. Upload and download files
6. Making New folders and files
7. Deleting folders and files
8. Take information on computer’s OS, apps and uninstall itself.

3. The third part of this campaign uses Zmapp (an Ebola drug in an experimental stage) to infect people with Backdoor.Breut malware. The criminals send email that claims the drug for Ebola has been found curing the virus and the news should be shared as much as possible.

Last but not the least a phishing campaign using CNN’s name telling a brief story outline and includes links to an “untold story” about Ebola. The email also promises “How-to” precaution information and a list “targeted” regions.

Once the users click on the links mentioned in the email they are redirected to another page, asking them to select their email service and put their login details. The details are then sent to cybercriminals directly and users are redirected back to CNN’s homepage.

This is not the first time when the crooks have taken advantage of such situation. In past wereported on a scam claiming missing Malaysian Jet found in Bermuda Triangle. The scam was used to spread malicious virus on Facebook.

We urge users to keep an eye on such scams and do notify us by clicking here so we can educate our readers.

Homepage image credit: Symantec.