Bitdefender Labs has just published a new investigation into the latest waves of malicious and fraudulent emails exploiting the military conflict in Ukraine. Multiple malspam campaigns are installing Agent Tesla and Remcos remote access Trojans on users’ computers.
Crypto charity and “Nigerian Prince”-style scams are intensifying. Scammers pose as the Ukrainian government, the international humanitarian agency Act for Peace, UNICEF, and other organizations, such as the Ukraine Crisis Relief Fund, to solicit financial aid.
- The attacks apparently originate from IP addresses in the Netherlands (86%) and Hungary (3%).
- In terms of distribution, recipients are in South Korea (23%), Germany (10%), the United Kingdom (10%), the United States (8%), the Czech Republic (14%), Ireland (5%), Hungary (3%), Sweden (3%) and Australia (2%).
- Agent Tesla is a well-known malware-as-a-service (MaaS) RAT data stealer capable of exfiltrating sensitive information including credentials, keystrokes, and clipboard data from its targets.
Key findings about the Remcos campaign:
- The malicious emails originate from IP addresses in Germany and the United States.
- The recipients are in Ireland (32%), India (17%), the United States (7%), the United Kingdom (4%), Germany (4%), Vietnam (4%), Russia (2%), South Africa (2%) and Australia (2%).
- The Remcos remote access Trojan allows attackers to capture keystrokes, screenshots, credentials, or other sensitive system information and exfiltrate it directly to their servers.
On February 25, the Bitdefender Anti-Spam Lab reported the first signs of scammers taking advantage of the Russian invasion of Ukraine and news of Ukrainian citizens fleeing the country. Unsurprisingly, scammers continue to take advantage of the current humanitarian crisis for their own financial gain.
Within hours of the invasion, the Ukrainian government announced that it was accepting donations of BTC and ETH cryptocurrencies, and the global community did not disappoint. According to the latest analysis of blockchain transactions, the ETH wallet received more than 18,524 transactions totaling more than $9.7 million, while the BTC wallet shows more than 9,300 transactions worth $9.4 million.
Without a doubt, individuals, organizations, and governments are choosing sides, and cybercriminals are bound to step up their efforts to redirect any financial aid into their own pockets.
“Major global events and crises are known to trigger malicious spam campaigns that exploit human emotions and people’s desire to help,” said Adrian Miron, Director of Anti-Spam Research at Bitdefender.
“So far, we have observed that attackers reacted very quickly to legitimate advertisements from Ukraine and other organizations by mimicking the format of their messages. We expect the variety of phishing and malware campaigns, as well as the volume of messages sent daily, to steadily increase, and attackers to adapt their persuasion methods accordingly.”
Bitdefender Labs is actively monitoring donation scam emails that entice recipients to donate money. Scammers pose as the Ukrainian government, the international humanitarian agency Act for Peace, UNICEF and other donation projects such as the Ukraine Crisis Relief Fund to deliver their requests for financial aid to help the Ukrainian military and the millions of civilians and children trapped in the military conflict.