WHO Chief Impersonated in Phishing to Deliver HawkEye Malware



An ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO) is actively spreading HawkEye malware payloads onto the devices of unsuspecting victims.


This spam campaign started today, according to the researchers at IBM X-Force Threat Intelligence who spotted it, and it has already delivered several waves of spam emails attempting to pass as messages sent by WHO.


"HawkEye is designed to steal information from infected devices, but it can also be used as a loader, leveraging its botnets to fetch other malware into the device as a service for third-party cybercrime actors," IBM X-Force's research team previously said.


Malspam promising coronavirus prevention and cure instructions


The emails come with archive attachments containing an executable named "Coronavirus Disease (Covid-19) CURE.exe", described by the attackers as a "file with the instructions on common drugs to take for prevention and fast cure to this deadly virus called Coronavirus Disease (COVID-19)."


"This is an instruction from WHO (World Health Organization) to help figth against coronavirus," the phishing emails also add.


The targets are also asked to review the attached file and follow the enclosed instructions, as well as forward it to family and friends to share the "instructions" needed to fight the virus.



Phishing email sample (IBM X-Force)

"These emails claiming to be from the World Health Organization are being delivered personalized by addressing the recipient by a username stripped out of the email address," IBM X-Force researchers found.


However, instead of coronavirus drug advice, the executable actually is a HawkE ..
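A mail-triage check for the two traits described above, an executable inside an archive attachment and a body that addresses the recipient by the username part of their address. This is an added example, not code from IBM X-Force or the original article; the ZIP container, the extension list, the greeting wording and all addresses are constructed assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of Windows executable extensions (not taken from the article).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")


def build_sample() -> bytes:
    """Constructed sample: harmless bytes in a ZIP, shaped like the lure described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Coronavirus Disease (Covid-19) CURE.exe", b"not a real executable")
    msg = EmailMessage()
    msg["From"] = "WHO <sender@example.org>"        # constructed address
    msg["To"] = "jsmith@example.com"                # constructed address
    msg["Subject"] = "constructed sample"
    msg.set_content("Dear jsmith,\nPlease review the attached file.")  # assumed greeting
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="cure.zip")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Return both indicators for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {"executables_in_archive": [], "greets_by_local_part": False}
    # Indicator 1: archive attachment whose members carry an executable extension.
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                findings["executables_in_archive"] += [
                    n for n in zf.namelist() if n.lower().endswith(EXEC_EXTS)]
    # Indicator 2: the body names the recipient by the local part of their address.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    for addr in (msg["To"].addresses if msg["To"] else ()):
        user = addr.username.lower()
        if user and re.search(rf"\b{re.escape(user)}\b", text):
            findings["greets_by_local_part"] = True
    return findings


if __name__ == "__main__":
    print(triage(build_sample()))
```

Either indicator alone is weak; together with a sender domain that does not belong to the claimed organization they justify quarantining the message for review.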
