A new malware called "Voldemort" has been making waves in recent weeks, sending over 20,000 emails worldwide as it spreads through phishing attacks. Discovered by IT security researchers at Proofpoint on 5 August, this malware has proven to be very deceptive. "Voldemort" employs a sophisticated tactic to evade detection: it disguises its network traffic as legitimate by using Google Sheets as an interface. This method allows the malware’s data transmissions to appear harmless, slipping past security programs unnoticed.
How It Spreads: The malware is being distributed via phishing emails that are designed to look like they come from tax authorities. These emails contain links to what appear to be important documents, tricking victims into downloading a disguised file. When the link is clicked, a ZIP file that looks like a PDF is automatically downloaded. This file then installs the "Voldemort" malware in the background. Once activated, "Voldemort" can steal sensitive data, download additional malware, or even delete files.[1]
According to T-Online and Proofpoint, the malware is primarily focused on data theft, which poses serious risks, particularly for businesses. The stolen data could potentially compromise national security.
The researchers believe that the "Voldemort" campaign may be linked to a government-affiliated group and could be intended for espionage. The combination of traditional phishing techniques with the unusual use of Google Sheets suggests
How to Protect Against "Voldemort" - To protect against this new threat, Proofpoint recommends several security measures:
- Restrict Access: Limit access to external file-sharing services.
- Block Connections: Block connections to TryCloudflare, a service from Cloudflare that can be exploited by attackers.
- Monitor PowerShell Scripts: Keep an eye on suspicious PowerShell scripts, which can be used to automate and manage systems.
- Employee Awareness: Regularly train employees to recognize phishing attempts.
- Use Multi-Factor Authentication: Implement multi-factor authentication to add extra layers of security.
By following these steps, businesses and individuals can better protect themselves from the "Voldemort" malware and other similar threats.
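The recommendations above can be turned into concrete checks. The example below is added here and is not from the article or from Proofpoint: it runs over constructed proxy log lines (an assumed format, not real telemetry) to flag requests to TryCloudflare tunnels, correlate them with clients that also talk to the Google Sheets API host (assumed to be `sheets.googleapis.com`), and tests whether a downloaded "PDF" actually carries a ZIP signature, as the disguised lure described above would.

```python
import re

# Constructed sample proxy log lines (not from the article). Assumed format:
# "<timestamp> <client_ip> <method> <url> <status> <content_type>"
SAMPLE_LOGS = """\
2024-08-05T10:01:12Z 10.0.0.15 GET https://docs.google.com/spreadsheets/d/abc123/edit 200 text/html
2024-08-05T10:02:45Z 10.0.0.15 GET https://some-random-words.trycloudflare.com/tax-notice 200 application/zip
2024-08-05T10:03:01Z 10.0.0.22 GET https://www.example.org/report.pdf 200 application/pdf
2024-08-05T10:04:30Z 10.0.0.15 GET https://sheets.googleapis.com/v4/spreadsheets/abc123/values/Sheet1 200 application/json
2024-08-05T10:05:02Z 10.0.0.31 GET https://sheets.googleapis.com/v4/spreadsheets/def456/values/Sheet1 200 application/json
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")
HOST_RE = re.compile(r"^https?://([^/:]+)")
ZIP_MAGIC = b"PK\x03\x04"   # local file header signature of a ZIP archive
PDF_MAGIC = b"%PDF"         # every genuine PDF begins with this

def parse_logs(text):
    """Yield (client_ip, host, url, content_type) for each well-formed line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        _ts, client, _method, url, _status, ctype = m.groups()
        host = HOST_RE.match(url)
        if host:
            yield client, host.group(1).lower(), url, ctype

def trycloudflare_hits(text):
    """(client, url) pairs for requests to *.trycloudflare.com, the tunnel service to block."""
    return [(c, u) for c, h, u, _ in parse_logs(text)
            if h == "trycloudflare.com" or h.endswith(".trycloudflare.com")]

def clients_using_sheets_api(text):
    """Clients calling the Sheets API host (assumed name) rather than the browser UI."""
    return {c for c, h, _, _ in parse_logs(text) if h == "sheets.googleapis.com"}

def correlated_clients(text):
    """Clients that both fetched from a TryCloudflare tunnel and used the Sheets API."""
    tunnel = {c for c, _ in trycloudflare_hits(text)}
    return sorted(tunnel & clients_using_sheets_api(text))

def is_disguised_zip(filename, head):
    """True when a file named like a PDF actually starts with the ZIP signature."""
    return filename.lower().endswith(".pdf") and head.startswith(ZIP_MAGIC)
```

A single Sheets API call is normal in many environments; the correlation with a tunnel download is what makes the client worth a closer look.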
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
[1] https://www.msn.com/en-us/news/technology/new-malware-spreads-via-email-disguised-as-google-app/ar-AA1pUkfR