Category Archives: Credential Stealer

RE:FREE FACE MASK

Found and analysed by Group-IB Seen since late March Threat type – credential stealer ‘Sender’ – Export Galaxy Key words: RE:FREE FACE MASK, Dear Sir/ Mada, hope the COVID 19 will pass soon and every one is safe, factory to produce mask, lilian di, Galaxy Electronic Industrial CO,. LTD.

The White House Instruction

Found and analysed by ImmuniWeb Seen since early April ‘Sender’ – ‘Donald Trump’ Threat type – Credential stealer Keywords: Statements & Releases, The White House, the white house instruction for coronavirus, the quarantine will be prolonged till August 2020, open and read below President’s New Coronavirus Guidelines for America.

Urgent Need: US Departments

Found and analysed by Sonic Wall Seen since late March ‘Sender’ – Gold Medical Supplies Threat type – Credential stealer Keywords: Urgent Need: US Departments of Health and Human Services/Covid-19 Face Mask/Forehead thermometers, dear supplier, Sheila Conley

Covid-19 Emergency Funds Update

Found and analysed by Sonic Wall Seen since late March ‘Sender’ – IRS Threat type – Credential stealer, malware download Keywords: Covid-19 Emergency Funds Update, You are entitled to emergency funds aid package, kindly check the attached file

TEXT: HMRC Payment

Found and analysed by RSA Seen since late March Threat type – credential stealer ‘Sender’ – HMRC Key words: NHS promise to battle the COV-19virus, HMRC has issued a payment of £258 as a goodwill payment, hmrc-cov.payment.estrodev.com

TEXT: COVID-19 PC Optimum

Found and analysed by RSA Seen since late March Threat type – malicious URL ‘Sender’ – PC optimum Key words: COVID-19 PC Optimum has rewarded you 2000 thousand points due to these unprecedented times, covipc.com

COVID-19 Updates

Found and analysed by Cofense Seen since early March ‘Sender’ – ‘ICAO APAC’ Threat type – Credential stealer Keywords: COVID-19 Updates, Dr Ansa Jordaan, Chief of Aviation Medicine, economic impact report, Mongolia (#48 to 50), sitrep, EPI-WIN, EASA