More attacks piggybacking on MERS outbreak are expected

Jun 12, 2015 16:21 GMT

Following reports of an increased number of MERS (Middle East Respiratory Syndrome) cases in South Korea, crooks have started to send out emails using this lure to trick recipients into infecting their systems with malware.

The payload is Swort, a malicious item used to funnel in additional malware that could range from ransomware to banking Trojans.

Taking advantage of major news reports to spread malware is far from uncommon, and the strategy is most often employed on social networks, where users are baited into accessing potentially dangerous websites or completing online surveys.

Malware is disguised as Word document

Symantec noticed the MERS-themed campaign and collected a malware sample, which is included as an attachment to the malicious email. It poses as a Word document claiming to provide information on the hospitals and patients carrying the pathogen.

A closer look at the file reveals the disguise: it is actually an executable file that installs Swort as soon as it is launched. The name of the file is written in Korean, so anyone who does not speak the language and receives the dangerous email should realize the potential risk on the spot.

“During our analysis of the sample, we confirmed that it’s not a sophisticated threat. Instead, it’s a simple downloader,” Symantec said on Thursday. However, details about the malware stop with this information and it is unclear what threats it is instructed to download on the compromised system.
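A defensive check for the disguise described above, as an added example that is not part of the original article or of Symantec's analysis: it flags email attachments presented as Word documents whose leading bytes identify a Windows executable. The article does not say how the file was disguised, so matching on the file name or MIME type is an assumption, and the sample message and its Korean file name are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"                               # Windows executable (DOS/PE header)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container
ZIP_MAGIC = b"PK\x03\x04"                      # .docx is a ZIP archive
RTF_MAGIC = b"{\\rtf"
DOC_EXTS = (".doc", ".docx", ".rtf")
DOC_MIMES = {
    "application/msword",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
}

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring name and MIME type."""
    if data.startswith(PE_MAGIC):
        return "executable"
    if data.startswith((OLE_MAGIC, ZIP_MAGIC, RTF_MAGIC)):
        return "document"
    return "unknown"

def suspicious_attachments(raw: bytes) -> list:
    """Return names of attachments that claim to be Word documents
    (by MIME type or a document extension anywhere in the name)
    but whose content starts like a Windows executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""      # RFC 2231 names are decoded here
        data = part.get_payload(decode=True) or b""
        claims_doc = (part.get_content_type() in DOC_MIMES
                      or any(ext in name.lower() for ext in DOC_EXTS))
        if claims_doc and sniff(data) == "executable":
            hits.append(name)
    return hits

def build_sample(filename: str, payload: bytes, subtype: str) -> bytes:
    """Constructed test message; the payload is inert filler, not malware."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application",
                     subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake_exe = b"MZ" + b"\x00" * 62           # constructed: header bytes only
    print(suspicious_attachments(build_sample("명단.doc.exe", fake_exe, "msword")))
```

The check trusts content over presentation, so it still fires when the name is in a script the recipient cannot read.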

As MERS cases grow in number, so will related cyber attacks

According to the World Health Organization, as of June 12, there are 126 confirmed cases of MERS, all but one in the Republic of Korea. The death toll has reached 11.

Last week, 2,000 people were in quarantine or under observation, suspected of MERS infection. Considering these numbers, it is very likely that cyber attacks (phishing and spear-phishing) will be carried out in the future, masked by the promise of news about the outbreak.

Users should be careful with suspicious or unsolicited emails and avoid clicking on links or opening the attachments they carry.