GovInfoSecurity Twitter Get Permission The FBI is warning that hackers are increasingly using voice phishing, or vishing, to target remote workers as a way of harvesting VPN and other credentials to gain initial access to corporate networks.
Over the last year, the FBI says, hackers have targeted employees at U.S. and international corporations that use VoIP services through vishing techniques and other types of social engineering attacks. After gaining access to the network, many cybercriminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage, the FBI notes in an alert.
Phishing email that hides QRat malware (Source: Trustwave)
A recently spotted phishing campaign used the offer of a President Donald Trump video as a lure to spread the QRat Trojan that can steal passwords, take screenshots and enable attackers to take over a compromised Windows devices, according to the security firm Trustwave SpiderLabs.
Although the phishing emails spotted last month featured loan offers and a subject line about a “good return on investment,” they also contained an attached file claiming to offer a video of Trump. This file hid the QRat malware, according to the report.
QRat, which is also known as Quaverse RAT, was first spotted by researchers in May 2015. It can remain undetected because of multiple layers of obfuscation. The malware offers many functions, including the ability to steal passwords, act as a keylogger, take screenshots and browse files, according to previous reports.