24 Apr African banking sector targeted in Malware attacks
A new cybercrime campaign has targeted the African banking sector, using fake emails with job opportunities to steal data.
Through HTML files that link to fake websites, malware is hidden. The user is prompted to download an ISO file which is smuggling a visual basic script that executes malware without any input from the user. This technique is known as HTML smuggling and can be viciously effective on those without technical knowledge.
Individuals without knowledge of malware or phishing campaigns are tricked into trying to learn more about a proposed job opportunity with notably high pay or benefits to lure them in. Additionally, threat actors sending the emails have included legitimate emails of those working at rival banks as to further seem to authenticate the email.
“Detecting such a chain of infection is not easy,” researchers noted in a blog post, “the malware is only located in the memory and the registry.”
Whilst this campaign has been picking up in recent days across West Africa, the campaign was active in early 2022, with the fake domain used to HTML smuggle being established in December of 2021.
Recently, Africa has seen an increase in ransomware and botnet attacks, however online scams have been proven to still pose the biggest threat.