Gmail users have been put on red alert, and need to be very careful about what they click on in their inbox. Security experts have revealed scammers are spreading dangerous attachments in emails which can lead to crucial information such as credit card details being stolen after just one click.
This is due to the dangerous Vidar malware which is being hidden in attachments sent out as part of a campaign targeting Gmail users.
Vidar is an information-stealing malware that can collect sensitive information such as credit card details, addresses, password stores, crypto wallet data and other things you don’t want a hacker to get hold of.
This malware can be purchased ready to use by cyber criminals, who have found a sophisticated way to distribute the malicious software.
As researchers at Trustwave found out, a new email campaign is spreading Vidar by loading it up onto a Microsoft Compiled HTML Help file.
This usually is an innocuous file to open, which provides support documentation for a programme you’re looking to run.
But in the case of the latest scam which is targeting Gmail users, the malware itself is loaded onto this help file and clicking on it will lead to your machine being compromised.
To trick unsuspecting Gmail users into opening this file, hackers are relying on typical social engineering tactics.
In one example of the Vidar campaign, researchers spotted an email that was titled ‘re not read coverage inquiry’.
This made it seem like the message was being sent as part of an ongoing conversation and it went on to say: “The important information for you. See the attachment to the email.”
Attached to the email was a request.doc file, which once extracted revealed two files – an app.exe file as well as a pss10r.chm help file. The latter is the one that has the dangerous payload secretly loaded on it.
In the example Trustwave highlighted, the scammers didn’t put much effort into crafting a convincing email that would lead someone to click on a file sent from an unknown email address.
But this doesn’t mean future scams won’t involve a bit more thought, so you should be very careful about what emails you click on, especially ones with attachments.
Speaking to ZDNet, Trustwave’s Karl Sigler said: “Since this Vidar campaign utilizes social engineering and phishing, ongoing security awareness training for your staff is essential.
“Organisations should also consider implementing a secure email gateway for ‘defence in depth’ layered security in order to filter these types of phishing attacks before they even get to any inboxes.”
To help you stay clear of this threat or any other email scams, be careful of any emails you get sent from unknown email addresses.
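As an added illustration (not code from Trustwave or the original article), the sketch below shows the kind of attachment check a mail gateway could apply to the request.doc case described above: it flags a .doc whose bytes are not a real Word document and any attachment carrying a Compiled HTML Help signature. The function names, sample messages and byte strings are constructed for this example, and the check assumes the container stores the .chm uncompressed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of a genuine legacy .doc
CHM_MAGIC = b"ITSF"                              # header of a Compiled HTML Help file
RISKY_EXT = (".chm", ".exe")

def inspect_attachment(filename, data):
    """Return the reasons (if any) an attachment should be quarantined."""
    name = (filename or "").lower()
    reasons = []
    if name.endswith(RISKY_EXT):
        reasons.append("risky-extension")
    # A file named .doc that does not start with the OLE2 header is mislabelled.
    if name.endswith(".doc") and not data.startswith(OLE2_MAGIC):
        reasons.append("doc-extension-mismatch")
    # Coarse heuristic: only finds a .chm stored uncompressed inside a container.
    if CHM_MAGIC in data:
        reasons.append("chm-signature")
    return reasons

def scan_message(raw):
    """Parse a raw RFC 5322 message and map attachment name -> reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reasons = inspect_attachment(part.get_filename(), data)
        if reasons:
            findings[part.get_filename()] = reasons
    return findings

def build_sample(filename, data):
    """Build a constructed test message; addresses are placeholders."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m.set_content("See the attachment to the email.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed inputs: a fake container named .doc hiding a CHM header, and a clean .doc.
SUSPECT = build_sample("request.doc", b"\x00" * 64 + CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 32)
BENIGN = build_sample("report.doc", OLE2_MAGIC + b"\x00" * 64)

if __name__ == "__main__":
    print(scan_message(SUSPECT))
    print(scan_message(BENIGN))
```
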
If a message claims to be from a reputable company whose services you use, double check whether the sender’s email is actually an official email address and if unsure contact the company in question to confirm if the message is an official correspondence.
Also beware of the telltale signs of a scam message, which include spelling and grammar mistakes, requests to enter sensitive user details on an unfamiliar website, or urgent demands to provide payment details.
Published at Thu, 31 Mar 2022 07:01:00 +0000