The U.S. and global protests of the killing of George Floyd are being used to spread malware, according to the cybersecurity non-profit organization abuse.ch.
The Zurich-based group identified a phishing campaign that capitalizes on the Black Lives Matter movement to distribute malware. Emails with the subject line “Vote anonymous about ‘Black Lives Matter’” have been sending a variant of TrickBot, a trojan-style program designed to steal credentials and data from computers running Windows.
The message of the email is brief, instructing users to “leave a review confidentially about ‘Black Lives Matter,’” using an attached Word document file. If opened, the attachment then downloads a payload containing TrickBot, which infects the target computer.
The emails documented by abuse.ch were sent from “County authority,” originating from the email address molecule.@shmbidgp.monster.
“Historically, TrickBot is an e-banking trojan. However, these days TrickBot is heavily used by various threat actors to install additional malware on the victim’s computer. In corporate networks, this usually leads to Ransomware such as Ryuk,” said a spokesperson from abuse.ch.