Threat actors are once again leveraging tragedy, this time sending spam messages about the Boeing 737 MAX crash that took place last week.
The campaign was discovered by 360 Threat Intelligence Center researchers, who posted about it on Twitter.
Cybercriminals posing as a “private intelligent analyst” are sending malware-laden spam to unsuspecting users, claiming to have leaked information from the dark web on other airline companies that will “go down soon” and instructing the users to download the file and notify their loved ones.
The malspam contains a malicious JAR file attachment with names similar to MP4_142019.jar that, if clicked, will be executed by Java to install the Houdini H-worm Remote Access Trojan and the Adwind information-stealing Trojan, Bleeping Computer researchers found.
The emails are coming from the address firstname.lastname@example.org and contain subject lines such as “Fwd: Airlines plane crash Boeing 737 Max 8.”