Leading banks, social media giants and other major organizations are being targeted in a massive spam campaign that is leveraging the Gameover variant of the nefarious Zeus trojan – as well as additional malware – to steal credentials and other information.
Security company Easy Solutions confirmed the campaign was ongoing in a Friday email to SCMagazine.com, which highlights Facebook, Twitter, Bank of America, and Deutsche Bank as just a handful of the numerous targeted organizations.
In a Friday email correspondence, David Castañeda, VP of research and development with Easy Solutions, told SCMagazine.com that hundreds of unsolicited emails, driven by botnets, are claiming to come from UK-based Broad Oak Toiletries Ltd.
“[The spammers are looking] to steal credentials, including second factor authentication, such as challenge questions used by financial institutions,” Castañeda said, explaining that the emails come attached with an invoice, which appears as a Microsoft Word document, but is actually the trojan.
Double clicking on the executable will result in the installation of the Gameover malware with the Necurs rootkit, as well as ransomware, Castañeda said, adding that the proper use of the English language in the body of the email makes the phish a bit tougher to spot.
On the Broad Oak website, a message states that someone spoofed one of its email addresses from an outside source.
“Our systems are not compromised in any way, and none of the SPAM emails are from a valid Broad Oak Toiletries email address, however they appear to be from the broad-oak.co.uk domain and we are therefore being contacted continuously by recipients worried by the email they have received,” according to the message posted on the website.
In order to defend against these types of attacks, Castañeda suggests not accepting or downloading attachments from unknown sources, as well as frequently updating anti-virus, spam filters and content filters.