Spear-Phishing Emails Pose As Attack Alerts

Matthew Broersma,
phishing

The malicious emails aim to infect targeted companies with a remote access Trojan

Cybercriminals are preying on users’ fear of militant attacks in their efforts to infect companies with malware, according to IT security firm Symantec.

The company highlighted email campaigns by a single gang that target organisations in the United Arab Emirates (UAE), Bahrain, Turkey and Canada, and which display an unusual degree of sophistication.

computer security

The emails claim to contain information that can help the user avoid potential attacks by militants in their area, Symantec said.

They pose as an alert from a local official security force and are signed with the names of real law-enforcement officials to add credibility.

All the officials named in the emails are currently in office, and the emails in most cases name a specific recipient employed by the target company, Symantec said.

“All these details show that the crooks did some research before sending these phishing emails,” wrote Symantec’s Lionel Payet in the advisory. He noted that the emails aren’t, however, written entirely in the countries’ respective official languages.

The messages, initially spotted in Dubai and posing as information from the Dubai Police Force, are sent either to a specific individual or to entry points such as customer service representatives or IT department personnel, Symantec said.

RAT

They contain a non-malicious PDF that acts as a decoy file and another attachment, an archive that contains the malware in a .jar file.

“The cybercriminals behind this campaign are using a multiplatform remote access Trojan (RAT) called Jsocket (detected as Backdoor.Sockrat),” Payet wrote. “This RAT is a new product from the creators of the AlienSpy RAT, which was discontinued earlier this year.”

He said companies in the energy, defence, finance, government, marketing and IT sectors have been targeted.

“We may yet see more of these kinds of social engineering tactics preying on real-world fears,” Payet wrote.

Symantec said users can protect themselves by keeping their security software up to date, and by avoiding opening suspicious attachments or providing personal information in emails or web pop-up screens.

Are you a security pro? Try our quiz!