A spam campaign is using two recent crashes involving Boeing 737 Max aircraft to distribute malware to unsuspecting users.
Discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, the campaign sends out attack emails that come from “[email protected]” with the subject line “Fwd: Airlines plane crash Boeing 737 Max 8.”
Attackers are using topics regarding the #Boeing 737 MAX 8 crash, and it seems an email account from @IsgecPresses has been abused to deliver the mails. The attachment is a JAR file which drops H-WORM RAT.
— 360 Threat Intelligence Center (@360TIC) March 15, 2019
Supposedly written by a private investigator named Joshua Berlinger, the emails reference two recent crashes involving Boeing 737 Max aircraft. In the first incident, Ethiopian Airlines Flight 302 crashed just minutes after taking off from Addis Ababa Bole International Airport on 10 March, killing 157 people. The second incident occurred several months earlier, on 29 October 2018, when Lion Air Flight 610 crashed after taking off from Jakarta airport, killing 189 people.
The email goes on to discuss how the Berlinger persona found a document leaked on the dark web. This file purports to identify several companies that will suffer similar crashes involving Boeing 737 Max aircraft in the future. Under the guise of helping them protect their loved ones, Berlinger asks users to view the document by opening an attached JAR file named “MP4_142019.jar.”
Bleeping Computer creator and owner Lawrence Abrams explains what happens next:
If a user attempts to open the JAR file, it will be executed by Java on the computer. This attachment was originally thought to only install the Houdini H-worm Remote Access Trojan, (Read more...)
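As an added defensive example (not code from the article, 360TIC or Bleeping Computer), the following mail-gateway check flags messages carrying the lure subject and attachment name quoted above, and more generally any executable attachment such as a .jar; the sample message it builds is constructed for the demonstration and carries no real payload, and the sender address is a placeholder because the article redacts it.

```python
"""Flag mail matching the Boeing 737 Max lure described above.
Added example; indicators taken from the article: subject
'Fwd: Airlines plane crash Boeing 737 Max 8' and attachment 'MP4_142019.jar'.
The sample message below is constructed and contains no real malware."""
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article (the sender address is redacted there).
LURE_SUBJECT = "fwd: airlines plane crash boeing 737 max 8"
LURE_ATTACHMENT = "mp4_142019.jar"
# Attachment types a gateway should quarantine regardless of the lure text.
EXECUTABLE_EXTS = (".jar", ".exe", ".js", ".vbs", ".scr")


def assess_message(raw: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject == LURE_SUBJECT:
        findings.append("subject matches 737 Max lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == LURE_ATTACHMENT:
            findings.append(f"known lure attachment {name}")
        elif name.endswith(EXECUTABLE_EXTS):
            findings.append(f"executable attachment {name}")
    return findings


def build_sample() -> bytes:
    """Constructed message mimicking the campaign's lure (placeholder sender)."""
    m = EmailMessage()
    m["From"] = "investigator@example.invalid"  # placeholder, not the real sender
    m["To"] = "recipient@example.invalid"
    m["Subject"] = "Fwd: Airlines plane crash Boeing 737 Max 8"
    m.set_content("Please see the attached leaked document.")
    # Dummy bytes with a ZIP magic prefix stand in for the JAR; not a real archive.
    m.add_attachment(b"PK\x03\x04dummy", maintype="application",
                     subtype="java-archive", filename="MP4_142019.jar")
    return m.as_bytes()


if __name__ == "__main__":
    for finding in assess_message(build_sample()):
        print("ALERT:", finding)
```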
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/spam-campaign-uses-recent-boeing-737-max-crashes-to-push-malware/