Windows 10 News and info | Forum
Author Topic: Spam Warns about Boeing 737 Max Crashes While Pushing Malware  (Read 23 times)
javajolt
Administrator
Hero Member
« on: March 17, 2019, 01:50:25 PM »

A new malspam campaign is underway that is trying to utilize the tragic Boeing 737 Max crashes as a way to spread malware on a recipient's computer. These spam emails pretend to be leaked documents about imminent crashes that the sender states should be reviewed and shared with loved ones to warn them.

This new campaign was discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, who posted about them on Twitter.

The emails are coming from an email address at info@isgec.com and have subject lines similar to "Fwd: Airlines plane crash Boeing 737 Max 8". They also contain a JAR file as an attachment with names similar to MP4_142019.jar.


[Image: the spam email]

These emails pretend to be from a private intelligence analyst who found a leaked document on the dark web. The document supposedly contains information about other airline companies that will be affected by similar crashes soon.

The full text of the email can be read below.

Quote
Greetings

I believe you have heard about the latest crash of the Boeing 737 MAX 8 which happened on Sunday 10 March 2019. All passengers and crew were killed in the accident.

Ethiopian Airlines Flight ET302 from Addis Ababa, Ethiopia, to Nairobi, Kenya, crashed shortly after takeoff

The dead were of 35 different nationalities, including eight Americans.

On 29 October 2018, the Boeing 737 MAX 8 operating the route crashed into the Java Sea 12 minutes after takeoff.

All 189 passengers and crew were killed in the accident.

Note: there was leaked information from the Darkweb which listed all the airline companies that will go down soon.

Kindly notify your loved ones about the information in this file.
 
Regards

Joshua Berlinger
private intelligence analyst


If a user attempts to open the JAR file, it will be executed by Java on the computer. This attachment was originally thought to only install the Houdini H-worm Remote Access Trojan, but security researcher Racco42 felt that it was too large to be just that single malware.

After running it through Any.Run, he saw that in addition to installing H-Worm RAT, it was also installing the Adwind information-stealing Trojan.

BleepingComputer confirmed this by executing the attachment, which led to two malware files being installed in the %AppData% folder as shown below.


[Image: the two malware files installed in %AppData%]

The ntfsmgr.jar is the Adwind Trojan [VirusTotal] and the VBS file, shown below, is the H-Worm RAT [VirusTotal].


[Image: the H-Worm RAT VBS file]

As always, beware of spam email with unknown attachments and never open an attachment unless you are expecting it from the sender and have confirmed that they have actually sent it to you. Otherwise, you never know what you will be opening and potentially infecting yourself with.
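A mail-gateway triage rule for the lure described above, written as an added example (it is not code from BleepingComputer, 360 Threat Intelligence Center or the forum poster). The sample message is constructed to mirror the reported sender, subject and attachment name; the subject keywords and the "media-looking name on a .jar" pattern are my own heuristics, not indicators from the article.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Sender and attachment naming come from the write-up; the subject hints and
# media-style prefixes are assumed heuristics for this example.
SUSPECT_SENDERS = {"info@isgec.com"}
SUBJECT_HINTS = ("boeing 737", "plane crash")
MEDIA_PREFIXES = ("mp4_", "jpg_", "pdf_")


def build_sample() -> bytes:
    """Constructed message mimicking the campaign's email (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "info@isgec.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Fwd: Airlines plane crash Boeing 737 Max 8"
    msg.set_content("Greetings. Kindly notify your loved ones about this file.")
    # A few placeholder bytes stand in for the JAR body; only the name matters here.
    msg.add_attachment(b"PK\x03\x04 constructed, not a real archive",
                       maintype="application", subtype="java-archive",
                       filename="MP4_142019.jar")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Return the reasons a message should be quarantined; an empty dict means no hit."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    reasons = {}
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].addr_spec.lower() if addrs else ""
    subject = str(msg["Subject"] or "").lower()
    if sender in SUSPECT_SENDERS:
        reasons["sender"] = sender
    if any(hint in subject for hint in SUBJECT_HINTS):
        reasons["subject"] = subject
    jars = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".jar"):
            jars.append(name)
            # A JAR disguised with a media-file prefix is the pattern seen in this campaign.
            if name.startswith(MEDIA_PREFIXES):
                reasons.setdefault("media_named_jar", []).append(name)
    if jars:
        reasons["jar_attachments"] = jars
    return reasons
```

Any executable attachment type (JAR, VBS, JS) that a user population has no business receiving is worth blocking outright at the gateway; the sender and subject checks only add context for this particular wave.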

sources