14 DAY TRIAL // McAfee researchers have identified a cybercriminal campaign targeted at organizations from the United Arab Emirates (UAE), Oman, Bahrain and a couple of Caribbean islands.
According to experts, the crooks sent out spear phishing emails designed to distribute a data-stealing malware.
The attack starts with an executable file (emiratesstatement.exe) disguised as a harmless PDF. When run, the executable drops several malicious files, including a keylogger, a mail password recovery tool, and a web browser password recovery tool.
During installation, the malware disables the Windows firewall.
The passwords harvested from the infected system are written into output files and sent to an FTP server.
McAfee has found that the cybercriminals are attempting to steal credentials for webmail, Facebook, Hotmail, internal CRM systems, travel reservation systems, news sites, e-services and government institutions, and firewalls.
Government entities, telecoms companies, and firms from the IT, natural resources and travel sectors are targeted.