Trojan Malware Targets Trump Supporters

Bad actors have launched a phishing campaign that aims to infect supporters of President Donald Trump with a dangerous banking Trojan. 





The malicious campaign was detected by Area 1 Security on August 21. Victims are enticed to open messages that appear to be from legitimate political action committees (PACs) but are in fact fake.





The messages refer to highly publicized political issues and events and feature subject lines prefaced with "Fwd:" and "RE:". Victims who take the bait have their systems attacked by Emotet malware.





"The attacker forwards a legitimate PAC mailer to develop a false sense of legitimacy, with entirely authentic content throughout the body of the message," noted researchers. "Every link works and leads to benign web pages of the impersonated PAC."





The Emotet downloader is contained in a Microsoft Word document attached to the malicious email.





Attackers were observed seeking to leverage media attention on the president's decision to temporarily withhold funding from the World Health Organization pending the outcome of a formal investigation into the global health agency's response to the Covid-19 pandemic. 





Researchers said: "Like a Wolf in sheep’s clothing, the attacker cleverly disguises their Emotet delivery mechanism as messaging about timely and highly publicized, hot-button issues in politics."





One email, sent with the subject “Fwd:Breaking: President. Trump suspends funding to WHO,” called for recipients who agreed with the suspension of funding to click a button labeled "Stand with Trump." The attacker use ..
