The confirmation that US President Donald Trump has been infected by the Coronavirus, and had to spend time this weekend in hospital, has – understandably – made headlines around the world.

And there are plenty of people, on both sides of the political divide, who are interested in learning more about his health status.

It’s no surprise, therefore, to discover that cybercriminals are exploiting that interest with the intention of infecting users’ computers.

Hot on the heels of the developing coverage of Donald Trump’s hospitalisation and return to the White House, hackers have spammed out emails designed to trick the unwary into clicking on a malicious link by offering more details related to the US President’s health.

Security researchers at Proofpoint, who last week warned of a malware campaign claiming to come from the Democratic National Committee, posted details on Twitter of the new and active malicious attack they had seen targeting hundreds of US and Canadian organisations.

Example of malicious email

The emails, which have been seen using subject lines such as “Recent materials pertaining to the president’s illness”, “Newest information about the president’s condition”, and “Newest info pertaining to President’s illness”.

The body of a typical malicious email sent out in the campaign reads as follows:

What we really know and even what we don’t about Trump’s COVID health problems.

Insider information about Trump’s][health condition, please remember to use the code because the record is encrypted: 123


As Bleeping Computer reports, clicking on the link does indeed take curious users to a Google Doc.

Google DOC

However, the Google Doc itself contains a link to a malicious webpage, where the malware can be downloaded from. To reassure targeted users, the online document deceptively gives the impression that Google has scanned the file residing at the link and deemed it safe.

In (Read more...)