Crooks Cold-Call Office Workers into Installing Malware
Cyberthieves are using a new social-engineering tactic — bogus business phone calls — to install malware on the computers of their corporate targets.
The crooks first telephone selected financial staffers at the targeted companies, informing them of pending invoices that will shortly arrive by email, the anti-virus firm Symantec reported on its Security Response blog.
Because the staffers expect the emails, they're less suspicious and more likely to open the attached "invoices" than if the emails had come out of the blue.
But of course, the attached "invoices" actually contain a Trojan horse that gives attackers remote control over the infected machines.
Once they're in, the criminals can use their ill-gotten access to install more malware or steal online-banking login credentials and other information that can be used in future financial crimes.
Symantec said evidence shows the campaign began in February, but the social-engineering phone call component may have been added as recently as April.
"The attacker is well prepared and has obviously obtained the email address and phone number of the victim prior to the attack," Symantec wrote on its blog.
"The victims of these attacks generally tend to be accountants or employees working within the financial department of these organizations. Since handling invoices is something they would do on a regular basis, this lure has the potential to be quite convincing."
So far, the attacks have targeted French companies; they have also hit subsidiaries of French companies in other European countries. The motivation appears to be financial gain.
The attackers are using a remote-access Trojan, or RAT, called Shadesrat, which can reportedly be licensed in cybercrime forums for $40 to $100 per year. Symantec said Shadesrat is under "active development" and is likely to be around for some time.
Targets of social-engineering tactics can best protect themselves by casting a skeptical and inquisitive eye on all communications, especially from strangers.
In this instance, financial staffers might have better protected themselves by verifying the identity of the person on the other end of the line and ensuring that the caller was actually a client.
It's also imperative to install quality anti-virus software and keep it up-to-date. Many anti-virus applications can stop users from downloading nasty code, and can quarantine the malware if it does find its way onto a computer.