Rhadamanthys is back: Traffic accidents have become a new bait for data theft

Father

Even simple phishing schemes can be effective if they appeal to human weaknesses.

An updated version of the information-stealing malware Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. Cofense researcher Dylan Duncan reports that the attackers use an unusual lure in their phishing emails: it plays on the victim's curiosity so strongly that recipients are highly likely to take the bait.

The attack begins with an email to a random employee of an oil and gas company claiming that their vehicle was involved in an accident. The researchers recorded the following subject lines as the ones most often sent to potential victims:
  • "Urgent: View information about your car accident";
  • "Warning required: Your car collided";
  • "An incident involving your car: immediate action is required";
  • "Notification: an incident involving your car";
  • "Your car accident: urgent legal action is needed."


The malicious link in the email is disguised as an image hosted on Google Images and abuses an open redirect vulnerability to eventually lead recipients to a PDF file. The PDF claims that the victim's vehicle was involved in a hit-and-run accident and that the resulting fine could amount to $30,000.
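The two observable signals in this stage are the subject line (drawn from the list above) and a link whose query string carries an absolute URL to a different host, the shape an open-redirect lure takes. The following is an added example written for this page, not code from the article or from Cofense: it scores a constructed sample email on those two signals. The domains `images.example.com` and `lure.example.net` are placeholders standing in for the image host and the attacker's landing page, and the list of redirect parameter names is an assumption, not something the article reports.

```python
"""Heuristic triage for the car-accident lure: subject-line match plus an
open-redirect style link. All sample data below is constructed for this
example; the domains are placeholders, not indicators from the campaign."""
import re
from urllib.parse import parse_qs, unquote, urlparse

# Phrases taken from the subject lines listed in the article.
LURE_SUBJECT_PATTERNS = [
    r"\bcar accident\b",
    r"\bcar collided\b",
    r"\bincident involving your car\b",
    r"\burgent legal action\b",
]

# Query-parameter names often used to carry a redirect target (assumption,
# extend to match the redirectors seen in your own mail logs).
REDIRECT_PARAM_NAMES = {
    "url", "redirect", "redir", "next", "continue", "dest", "destination",
    "return", "q",
}


def subject_matches_lure(subject: str) -> bool:
    """True when the subject line resembles one of the reported lures."""
    text = subject.lower()
    return any(re.search(pattern, text) for pattern in LURE_SUBJECT_PATTERNS)


def find_open_redirect(url: str):
    """Return (landing_host, landing_url) when a redirect-style parameter
    holds an absolute URL pointing at a host other than the link's own,
    otherwise None. Same-host redirects (normal login flows) are ignored."""
    outer = urlparse(url)
    params = parse_qs(outer.query, keep_blank_values=True)
    for name, values in params.items():
        if name.lower() not in REDIRECT_PARAM_NAMES:
            continue
        for raw in values:
            # parse_qs already percent-decodes once; a second unquote catches
            # double-encoded targets and is harmless on plain strings.
            candidate = unquote(raw)
            inner = urlparse(candidate)
            if (inner.scheme in ("http", "https") and inner.netloc
                    and inner.netloc.lower() != outer.netloc.lower()):
                return inner.netloc.lower(), candidate
    return None


def assess_email(subject: str, links: list) -> dict:
    """Combine the two signals; two or more reasons marks the mail suspicious."""
    reasons = []
    redirects = []
    if subject_matches_lure(subject):
        reasons.append("subject matches car-accident lure")
    for link in links:
        hit = find_open_redirect(link)
        if hit is None:
            continue
        host, landing = hit
        redirects.append((link, landing))
        reasons.append(f"open-redirect style link to {host}")
        # The article's chain lands on a PDF; note that separately.
        if landing.lower().split("?", 1)[0].endswith(".pdf"):
            reasons.append("redirect lands on a PDF")
    return {"suspicious": len(reasons) >= 2, "reasons": reasons,
            "redirects": redirects}


# Constructed sample: a lure subject and a link that looks like an image
# host but forwards to an external PDF via its query string.
SAMPLE_EMAIL = {
    "subject": "Urgent: View information about your car accident",
    "links": [
        "https://images.example.com/imgres?q=https%3A%2F%2Flure.example.net"
        "%2Fnotice%2Faccident.pdf",
        "https://www.example.com/privacy",
    ],
}

if __name__ == "__main__":
    result = assess_email(SAMPLE_EMAIL["subject"], SAMPLE_EMAIL["links"])
    print("suspicious:", result["suspicious"])
    for reason in result["reasons"]:
        print(" -", reason)
```

The same-host check matters: a link such as `https://www.example.com/login?next=https://www.example.com/home` is an ordinary redirect and is not flagged, while the sample link above produces three reasons (lure subject, external redirect, PDF landing) and is marked suspicious.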



Of course, if the victim immediately contacts the local Department of Transportation, the fine can be avoided. At least, this is the story the attackers want the victim to believe.

The PDF file contains a blurry image of a car accident together with a fake Adobe Reader notification stating that the image cannot be viewed until the victim updates the software.

Clicking the "Update" button (in fact, clicking anywhere on the malicious image) downloads a ZIP archive to the victim's computer containing a disguised Rhadamanthys payload, an information stealer written in C++ that collects confidential data from infected hosts.

Earlier, a similar attack targeted Ukrainian accountants and civil servants, who received dozens of phishing emails distributing the Smokeloader ransomware. That malware was disguised as seemingly harmless financial documents, most of which were genuine, having been stolen from organizations the attackers had previously compromised.

Despite the constant warnings about phishing attacks, many people still fall for the tricks of intruders. This example demonstrates that even simple-to-implement phishing schemes can be effective if they appeal to human weaknesses — curiosity, fear, and the desire to avoid problems.

To protect yourself, you need to cultivate vigilance, critical thinking, and the ability to recognize manipulation. This is the only reliable defense against targeted attacks aimed at stealing valuable information.