Hackers Use Recent Disaster to Spread Malware

Threat actors are using recent tragedies to distribute malware via spam emails. The emails claim knowledge of leaked information from the dark web pertaining to “possible airlines that will go down soon,” and request that users forward the email and attachment to loved ones. If the attached Java archive (JAR) file is opened, it executes a Houdini Remote Access Trojan (H-WORM RAT) as well as Adwind, a backdoor capable of stealing user information. The NJCCIC strongly recommends users refrain from both forwarding unsolicited emails and clicking on any links or attachments in these emails. More information about this malspam campaign can be found in Bleeping Computer’s blog post.
