Researchers at Trustwave have come across several samples of emails purporting to be from legitimate organizations attempting to share information on the Ebola virus, but in reality compromises victims with a Remote Access Trojan (RAT).
In one example the message claims to be from the World Health Organization and offers an attachment that provides tips on how to stay safe from the virus, according to a blog post.
When the file is executed and run, the RAT, which goes undetected by anti-virus software, is capable of logging keystrokes, capturing webcam and sound activity, uploading and executing files, as well as stealing passwords and executing shell commands. The stolen information is then sent to a remote server. Researchers believe that this is currently not a widespread or targeted campaign.
A similar attack spoofed CNN news regarding terrorists’ use of the virus.