If there's one thing 2022 has proved, it's that it's not just your grandparents' computers you need to be worried about. In the era of Discord-hosted malware and NFTs, there are more threats than ever before coming for your digital data. It's easy to forget that something as simple as phishing emails still exists, and is causing big problems for people's security.
Several sites are reporting an increase in phishing emails attempting to install malware on unsuspecting PCs. According to The Register, bad actors are using compromised Microsoft Exchange servers to send out the spam emails. Attached to the emails is an encrypted file, typically a .zip, containing the malware known as IcedID.
The .zip file usually comes with a password needed to unpack it. In the emails this is presented as a layer of security to help make the victim feel more at ease. Instead, entering the passcode allows IcedID to install onto the computer immediately.
This malware then provides a backdoor for further installations by the criminals. Often this access is sold on to another party wanting to install ransomware onto the machine.
Intezer further explains that the reason these emails are so convincing is due to thread hijacking. The emails containing the malware are often presented as a reply to a previously stolen email, making them look more valid and less randomised. Intezer also does a bit of a deep dive into how this new attack campaign is working which is worth a look for anyone interested in the ins and outs of how their computer can be attacked.
So far it seems the emails are using fairly consistent language, requesting an unprocessed payment for a recent contract. It's all purposely vague, which should help raise red flags for many. The details of this contract are supposedly in the malicious attachment, which you would need to unlock using the provided code. We would recommend not doing so, and maybe getting in control of all those passwords while you're at it.
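The lure described above combines several signals a mail gateway or analyst can check for: a .zip attachment whose local file header has the encryption bit set, a password quoted in the message body, a "reply" subject line with no threading headers behind it, and the payment-for-a-contract wording. The script below is an added example, not code from this article, The Register or Intezer. It builds two constructed sample messages (one mimicking the lure, one benign), flips the zip encryption flag on the sample rather than producing a genuinely encrypted archive, and scores each message with hypothetical weights and thresholds chosen for illustration.

```python
"""Triage heuristics for password-protected-zip phishing lures (added example).

All message content, addresses and weights below are constructed for illustration.
"""
import email
import io
import re
import struct
import zipfile
from email.message import EmailMessage

# "The password is 1234" / "passcode: 1234" patterns seen in the body text
PASSWORD_HINT = re.compile(r"\b(password|passcode)\b\s*(is|:)\s*\S+", re.I)
# Vague payment-for-a-contract wording used by the lure
LURE_TERMS = re.compile(r"\b(unprocessed|outstanding|overdue)\s+payment\b|\bcontract\b", re.I)

# Hypothetical weights; a real deployment would tune these against its own mail.
WEIGHTS = {
    "encrypted_zip_attachment": 3,
    "password_in_body": 2,
    "payment_lure": 1,
    "reply_without_thread_headers": 1,
}
QUARANTINE_THRESHOLD = 4


def zip_is_encrypted(data: bytes) -> bool:
    """True if the first local file header carries the zip encryption flag (bit 0)."""
    if len(data) < 8 or data[:4] != b"PK\x03\x04":
        return False
    flags = struct.unpack("<H", data[6:8])[0]  # general-purpose bit flag
    return bool(flags & 0x1)


def triage(raw: bytes) -> dict:
    """Return the suspicious indicators found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw)
    findings = {}
    body = ""
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            payload = part.get_payload(decode=True) or b""
            name = part.get_filename() or ""
            if name.lower().endswith(".zip") and zip_is_encrypted(payload):
                findings["encrypted_zip_attachment"] = name
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode(errors="replace")
    if PASSWORD_HINT.search(body):
        findings["password_in_body"] = True
    if LURE_TERMS.search(body):
        findings["payment_lure"] = True
    # A "Re:" subject with no In-Reply-To/References is a cheap thread-hijack heuristic:
    # genuine replies from a mail client normally carry both headers.
    subject = msg.get("Subject", "")
    if subject.lower().startswith("re:") and not msg.get("In-Reply-To") and not msg.get("References"):
        findings["reply_without_thread_headers"] = True
    return findings


def risk_score(findings: dict) -> int:
    return sum(WEIGHTS[k] for k in findings)


def verdict(raw: bytes) -> str:
    return "quarantine" if risk_score(triage(raw)) >= QUARANTINE_THRESHOLD else "deliver"


def build_sample(lure: bool) -> bytes:
    """Construct a test message; with lure=True it mimics the campaign's shape."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("details.txt", "placeholder content (constructed sample)")
    zdata = bytearray(zbuf.getvalue())
    if lure:
        zdata[6] |= 0x01  # set only the encryption flag bit; contents stay unencrypted
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"  # constructed sender
    msg["To"] = "recipient@example.org"   # constructed recipient
    if lure:
        msg["Subject"] = "Re: contract"
        msg.set_content("Hi,\n\nPlease see attached for the unprocessed payment on the recent contract.\n"
                        "The password is 1234.\n")
        msg.add_attachment(bytes(zdata), maintype="application", subtype="zip",
                           filename="contract_details.zip")
    else:
        msg["Subject"] = "Project update"
        msg.set_content("Hi,\n\nSlides from today's meeting are attached.\n")
        msg.add_attachment(bytes(zdata), maintype="application", subtype="zip",
                           filename="slides.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for flag in (True, False):
        raw = build_sample(flag)
        print(verdict(raw), triage(raw))
```

The encryption-flag check deliberately inspects the zip bytes rather than trusting the filename or the message text, since an archive the gateway cannot open is the whole point of the lure; the remaining checks are only corroborating signals, which is why a single one of them never crosses the threshold on its own.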
As always, downloading something from an email, especially in a compressed format, is risky business. But when the email looks like it comes from a known source, it's understandable that people are being caught unawares. This is just another reminder to be ever vigilant against cyber attacks.