
Ascesso malware spreading via student loan forgiveness spam

The bad actors behind a new malware contagion are exploiting the desperation of American college graduates looking for relief from their student debt, according to a Symantec report.

A number of spam campaigns offering relief to college graduates struggling to pay off their student loans instead deliver Ascesso malware (aka Tofsee), a trojan (Trojan.Ascesso) first detected by Symantec in 2001 that uses rootkit techniques, injects code into services.exe and downloads remote files.

This audience is a potentially lucrative target for the cyberthieves behind this scourge: 42 million graduates collectively owe more than $1.3 trillion in debt, according to one report, so when an email arrives with vague offers to forgive loans, many recipients are susceptible. Unsuspecting recipients are duped because the enticing offer appears to be a response to an inquiry the target allegedly made to a student debt forgiveness program.

While the emails' details are ambiguous at best, they offer to reduce the money owed, along with a garnishment of the debt against an expected tax refund. In one example noted by Symantec, targets who called a listed number were told to purchase an iTunes gift card worth hundreds of dollars to serve as an "application fee," and were then hit up with requests for more cash.

"The student loan scam spam comes in a variety of forms but typically offers a reduction in student debt, consolidation of debt, or student loan forgiveness," according to the Symantec report. "The scam emails will entice readers with offers that seem, and are, too good to be true, such as qualifying for zero payment or having their entire loan forgiven. Others may try to charge for services that can be accessed for free from the government, your lender, college, university, or other sources."

A number of such email messages have been sent, but regardless of the enticement, they all result in the download of Ascesso. Once the malware is installed on a user's system, the miscreants can launch secondary attacks, including further malware campaigns, distributed denial-of-service (DDoS) offensives, and more.

Symantec reported that it has detected several variants of this malware family with "extended capabilities to download additional malicious plugin components." These add-ons enable further crimeware activities, including the downloading of other malware, distributed denial-of-service (DDoS) attacks, Bitcoin mining, click fraud and data theft, Symantec wrote.

Its anti-virus product prevents infection, Symantec said. Experts advise that graduates should look only to U.S. government student loan forgiveness programs, as these don't ask for fees.
