As US citizens wait for President Trump’s final decision about whether quarantine will be over by Easter, malware peddlers have already “decided”: quarantine will be prolonged until August 2020.
Phishing emails point to malware
Researchers with anti-phishing startup Inky have spotted two phishing emails purportedly coming from the White House, “signed” by President Trump.
Both include a link to a compromised website that served a nearly perfect replica of the real White House Coronavirus informational site:
The victims are urged to download and peruse the document. Unfortunately for those who do it, they will be likely infected with a dropper Trojan (file hashes).
This particular page, located on a compromised Russian site, has been taken down, but it’s easy for criminals to set up new ones and change links in the phishing emails.
An email from Mike Pence?
In addition to these emails, Inky has also detected an email purportedly coming from Vice President Mike Pence.
This one is not COVID-19-themed and does not contain a link. It sound a bit like the beginning of an extortion attempt, though it’s likely to be an advance-fee scam:
The email will not fool the majority of recipients, but there is always a small subset of gullible users that will not find anything suspicious in the atrocious grammar, spelling and wording used, and will self-select to be scammed.