If you receive an e-mail which allegedly includes a ‘scandalous’ video of Donald Trump, make sure you don’t click on it. Security experts are warning about this new scam, which appears to be trying to piggyback off the interest in Trump’s final days in office. The outgoing US President is scheduled to leave the White House this month, with President-elect Joe Biden getting sworn in on January 20.
And ahead of this crucial date in US politics, experts at Trustwave have spotted a dangerous scam that would give criminals complete access to your PC.
The scam is spreading a new variant of the Quaverse Remote Access Trojan (QRAT), which lets crooks take control of a victim’s machine.
The con job begins with a target being sent an e-mail purporting to offer a good investment opportunity.
But inside the e-mail is an attachment people can click on called ‘TRUMP_SEX_SCANDAL_VIDEO.jar’.
If someone ends up clicking on this file and opening it, they’ll be told that a remote access tool needs to be installed.
Those who agree to this will then, unfortunately, see their machine get taken over by hackers.
Discussing this threat in a post online, Trustwave’s Diana Lopera said: “The email, with the subject ‘GOOD LOAN OFFER!!’, at first glance, looks like a usual investment scam.
“No obfuscation in the email headers or body is found. Interestingly, attached to the email is an archive containing a Java Archive (JAR) file called ‘TRUMP_SEX_SCANDAL_VIDEO.jar’.”
Lopera added: “We suspect that the bad guys are attempting to ride the frenzy brought about by the recently concluded presidential elections, since the filename they used on the attachment is totally unrelated to the email’s theme.”
Despite the threat this scam poses, Lopera said the likelihood of people falling for it is low due to its “amateur” delivery.
Lopera wrote: “While the attachment payload has some improvements over previous versions, the email campaign itself was rather amateurish, and we believe that the chance this threat will be delivered successfully is higher if only the email was more sophisticated.
“The spamming out of malicious JAR files, which often lead to RATs such as this, is quite common. Email administrators should be looking to take a hard line against inbound JARs and block them in their email security gateways.”
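One way a mail filter could act on that advice, covering the case described above where the JAR sits inside an archive attachment. This is an added example, not code from Trustwave or the original article; the function names, the size and depth limits and the archive name `sample_archive.zip` are assumptions, and the sample message is constructed and harmless.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

JAR_MARKER = "META-INF/MANIFEST.MF"  # manifest entry normally present in a JAR
MAX_DEPTH = 3                        # stop unpacking nested archives here
MAX_MEMBER = 20 * 1024 * 1024        # skip oversized members (zip-bomb guard)

def find_jars(name, data, depth=0):
    """Return JAR paths at or inside one attachment (non-ZIP data: extension only)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [name] if name.lower().endswith(".jar") else []
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        has_manifest = any(n.upper() == JAR_MARKER for n in zf.namelist())
        if name.lower().endswith(".jar") or has_manifest:
            hits.append(name)  # JAR by extension or by content (renamed JAR)
        for info in zf.infolist():
            if depth >= MAX_DEPTH or info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            try:
                inner = zf.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue  # encrypted, unsupported compression, or corrupt
            hits += find_jars(f"{name}!{info.filename}", inner, depth + 1)
    return hits

def scan_message(raw):
    """Return JAR paths found in any leaf MIME part of a raw message."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            hits += find_jars(part.get_filename() or "(unnamed part)", data)
    return hits

def build_sample():
    """Constructed, harmless sample: JAR-shaped ZIP inside an archive attachment."""
    jar, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr(JAR_MARKER, "Manifest-Version: 1.0\n")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("TRUMP_SEX_SCANDAL_VIDEO.jar", jar.getvalue())
    msg = EmailMessage()
    msg["Subject"] = "GOOD LOAN OFFER!!"
    msg.set_content("constructed body text")
    msg.add_attachment(outer.getvalue(), maintype="application",
                       subtype="zip", filename="sample_archive.zip")
    return msg.as_bytes()
```

A non-empty result from `scan_message` is the signal to reject or quarantine; members that cannot be read (for example encrypted ones) are skipped here, so a production filter would need its own policy for those.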
The new e-mail scam has been discovered amid violent scenes at Capitol Hill this week that world leaders have condemned as “horrifying” and “disgraceful”.
On the day that Congress were scheduled to certify Biden’s electoral victory, Trump-supporting rioters who had gathered outside the US Capitol stormed the building.
Four people died, including one woman who was shot on the Capitol grounds.
Armed protestors had gathered outside the iconic US building after Trump had spent months spreading baseless claims about alleged electoral fraud at last November’s Presidential election.
Dozens of lawsuits the Trump team have filed claiming voter fraud have failed, with lawyers failing to produce evidence to back up their allegations.
Published at Fri, 08 Jan 2021 05:01:00 +0000