A new malware attack targeted specifically at businesses and consumers Facebook users has been discovered. And it makes use of social engineering and phishing.
The Comodo Threat Research Lab has found that the Facebook malware tries to represent itself as an email from Facebook which states there is a new message for the recipient. However it’s not any way related with the Facebook company.
The subject headings of the emails are simple: A brief vocal e-mail was delivered; an audio announcement has been delivered; an audible warning has been missed; you got a vocal memo!
Each subject line ends with a set of random characters like ‘sele’ or ‘Yqr’. The malware is in a .zip file, sent as an attachment and contains a variant of the Nivdort malware.
Nivdort is a trojan that interferes with internet connections and prevents the user from accessing websites. It also distributes malicious files throughout a victim’s hard drive, which can be used to exploit the user’s computer to install ransomware applications and other remote controlled malware.
This is similar to a campaign that targeted WhatsApp users earlier in the month. In this phishing attack, cyber-criminals were also sending fake emails to spread malware when victims clicked on the attached “message.”
As previously reported, Phishing attacks are on the rise. The only way of defeating Phishing is through user education and awareness.
Before you click, be cautious ! Look at the information before you. Does it appear legitimate ? Is it something you were expecting ?
If it’s out of the blue or you’re not quite sure about it, for whatever reason ! think twice about it clicking on it and delete it immediately. If it’s that important the person sending it will contact you again another way.
If you’re reluctant to delete, worried that it might be much needed business, then call or contact the person who supposedly sent the message to confirm things first.
Education and awareness forms an integral part of a bespoke Information Security and Insider Threat Management System designed and implemented by ESID Consulting. Contact us at Tel 0844 358 2362 or email firstname.lastname@example.org for help and advice