Security researchers are warning of a new sextortion-related campaign designed to trick the recipient into clicking on a nude image booby-trapped with malware.
The unsolicited email contains a message from ‘Red Skull’ hacking crew, who claim to have compromised the account of a contact of the recipient and found images of his naked girlfriend.
As this individual didn’t pay up, the hackers are now emailing the image to everyone in his contacts list, or so the scam goes.
To view the picture, the user is encouraged to “enable content” and in so doing execute macros on the machine. However, doing so will run a PowerShell command in the background to download and execute the Racoon information-stealing malware, according to IBM X-Force.
Fortunately, the associated domain has been taken down.
“This new take on sextortion is quite remarkable. It makes the victim believe that someone they know has been exploited in an attack that has nothing to do with them. If people do not identify as the victim, they may act much more careless, especially those curious to find out who was actually targeted,” the security vendor explained.
“Thanks to the quick removal of the domain, it is safe to say that the success of this single campaign should be less significant, despite the sophistication and creativity of its emails. Nevertheless, the threat actor distributing these emails has been very actively exploring new methods of social exploitation, so this will certainly not be the last time we write a collection about these types of emails.”
In fact, the same hackers are behind a new campaign in which malicious spam is sent to users posing as an “indictment message” sent by a court. The relevant information on the hearing is said to be included in the malicious attachment.
Other phishing emails use DocuSign as a lure to click through and unwittingly download Racoon.