Phishing attacks leverage Boeing 737 Max warnings
Large airline crashes tend to uniquely focus almost everyone’s attention. Lowlife Internet thieves exploit the fear surrounding Boeing 737 Max crashes. They leverage that fear in phishing attacks.
These emails pretend to be from a private intelligence analyst who found a leaked document on the dark web. The document pretends to contain information about which other airline companies will be affected by similar crashes soon, and the email, in broken English, asks recipients to “kindly notify your loved ones about the informations on these file” <sic>.
Who sends the phishing attacks?
The emails come from the address info@isgec.com and have subject lines similar to “Fwd: Airlines plane crash Boeing 737 Max 8”. They also carry a JAR file attachment with a name similar to MP4_142019.jar.
BleepingComputer confirmed that both H-Worm RAT and Adwind info-stealing Trojans were installed.
Send this reminder to your users. Feel free to edit, copy/paste:
“Airplane Crash Scam Warning. Be on the lookout for emails in your inbox from “analysts” about the recent Boeing 737 Max airplane crashes, asking you to notify your loved ones about possible other airlines “that will go down soon”. These emails come with infected attachments that might make it through the filters, either at the office or at your house. Remember to always be alert about email with unknown attachments, and never open an attachment unless you are expecting it from the sender and have confirmed that they have actually sent it to you.”
—
Cyber Safety Net – Keeping you safe online. See https://cybersafetynet.net/cyber-security-awareness-training/ to train and strengthen your human firewall. See https://youtu.be/UFpFesrcnvY and https://www.knowbe4.com/security-awareness-training-features/ to learn more.