Phishing attacks leverage Boeing 737 Max warnings

Large airline crashes tend to uniquely focus almost everyone’s attention. Lowlife Internet thieves are exploiting the fear surrounding the Boeing 737 Max crashes and leveraging it in phishing attacks.

A new phishing attack campaign is underway that uses the recent Boeing 737 Max crashes as a way to infect workstations with both remote access and info-stealing Trojans. The campaign was discovered by 360 Threat Intelligence Center, which posted about it on Twitter and included a VirusTotal link showing which AV engines catch it.


These emails pretend to be from a private intelligence analyst who found a leaked document on the dark web. The document purports to contain information about which other airline companies will be affected by similar crashes soon, and the email asks recipients, in broken English, to “kindly notify your loved ones about the informations on these file” <sic>.

Who sends the phishing attacks?

The emails are coming from an email address at info@isgec.com and have subject lines similar to “Fwd: Airlines plane crash Boeing 737 Max 8”. They also contain a JAR file as an attachment with names similar to MP4_142019.jar. Here is a screenshot:

[Image: screenshot of the 737 Max phishing email]

BleepingComputer confirmed that both H-Worm RAT and Adwind info-stealing Trojans were installed.
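An added example (not from the original post or from 360 Threat Intelligence Center): a mail-triage check for the traits described above, namely the sender address, the subject wording and a JAR attachment, which also recognizes a JAR by its content in case the file has been renamed. The function names and the sample message are constructed for illustration; the sample attachment is an inert ZIP holding only a manifest.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits taken from the campaign description above; a sender address is easy
# to change, so the attachment check is the more durable signal.
SENDER = "info@isgec.com"
SUBJECT_HINT = "boeing 737 max"

def is_jar(filename: str, payload: bytes) -> bool:
    """True if the attachment is a Java archive by name or by content."""
    if filename.lower().endswith(".jar"):
        return True
    # A renamed JAR is still a ZIP that carries META-INF/MANIFEST.MF.
    if not zipfile.is_zipfile(io.BytesIO(payload)):
        return False
    with zipfile.ZipFile(io.BytesIO(payload)) as zf:
        return "META-INF/MANIFEST.MF" in zf.namelist()

def triage(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message matches the described lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SENDER in str(msg.get("From", "")).lower():
        reasons.append("sender")
    if SUBJECT_HINT in str(msg.get("Subject", "")).lower():
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_jar(name, part.get_payload(decode=True) or b""):
            reasons.append(f"jar-attachment:{name}")
    return reasons

def build_sample(attachment_name: str) -> bytes:
    """Constructed test message; the attachment is an inert ZIP with a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    msg = EmailMessage()
    msg["From"] = "Analyst <info@isgec.com>"
    msg["Subject"] = "Fwd: Airlines plane crash Boeing 737 Max 8"
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("MP4_142019.jar")))
    print(triage(build_sample("MP4_142019.mp4")))  # renamed, caught by content
```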

Send this reminder to your users. Feel free to edit, copy/paste:

Airplane Crash Scam Warning. Be on the lookout for emails in your inbox from “analysts” about the recent Boeing 737 Max airplane crashes, asking you to notify your loved ones about possible other airlines “that will go down soon”. These emails come with infected attachments that might make it through the filters, either at the office or at your house. Remember to always be alert about email with unknown attachments, and never open an attachment unless you are expecting it from the sender and have confirmed that they have actually sent it to you.

Cyber Safety Net – Keeping you safe online. See https://cybersafetynet.net/cyber-security-awareness-training/ to train and strengthen your human firewall. See https://youtu.be/UFpFesrcnvY and https://www.knowbe4.com/security-awareness-training-features/ to learn more.