Zika virus spawns spam campaign capitalizing on recent events

Feb 20, 2016 11:36 GMT

Almost every time there's a major event happening around the world, you can count on a cyber-criminal to put a spam campaign together that leverages the incident and uses it to spread malware to curious and unsuspecting users.

The exact same thing is happening right now, as cyber-security vendor Symantec reports that spammers are using the Zika virus outbreak to deliver their malicious code.

Users targeted by this campaign are receiving emails with the “ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!” title, which translates to: “Zika Virus! That's Right, killing it with water!”

The emails are obviously leveraging everyone's interest in the Zika virus, providing methods of combating it and offering to provide information on how to stay safe.

But not all the information is readily available, and users are encouraged to download an email attachment to learn more. This file has the .jse extension, and when executed, it automatically connects to a C&C server and asks for instructions.

Spam delivers the JS.Downloader trojan

Symantec says it detects this file as JS.Downloader, a trojan variant specialized in getting a foothold on infected systems and then downloading other, more malicious files that can range from ransomware to banking trojans, and so on.

For this campaign, the JS.Downloader download link redirects users through a bit.ly link to a Dropbox URL. Security researchers observed that from February 5 to February 18, 1,610 users accessed the URL.

As with the Zika virus itself, this campaign started and is active mainly in Brazil, but expect it to spread to other countries as the Zika virus spreads.

Currently, the World Health Organization (WHO) has upgraded the Zika virus to a level 1 outbreak and declared a Public Health Emergency of International Concern (PHEIC).

Users should consult the official websites of healthcare organizations and refrain from opening, reading, and trusting information they receive via unsolicited emails.

Statistics for Dropbox URL where the trojan was hosted
