If you use Microsoft Outlook, you need to be aware of a sophisticated new scam doing the rounds. A nasty piece of new malware designed to steal your usernames and passwords has been unearthed by security experts at Cisco Talos. The Trojan is designed to nab crucial login details from Microsoft Outlook, as well as Google Chrome, Microsoft Edge, Opera and other web browsers based on the Chromium code.
According to Cisco Talos, the popular Mozilla Firefox web browser, as well as apps such as Discord and NordVPN, have also been targeted by the latest version of the Trojan, which is known as Masslogger. The name comes from the fact that it’s designed to log your passwords en masse.
The nefarious Trojan is being spread via phishing emails, Cisco Talos explained in a blog post online. Given that Outlook is susceptible to the attack, and is one of the most popular email clients on the planet, its users need to be on high alert.
The attack begins with a target being sent a message carrying a legitimate-looking, business-related subject line. One of the messages Cisco Talos spotted had the email subject “Domestic customer inquiry”, and the body of the email included the text “at the request of our customer, please send your attached best quotes”.
From the emails that Cisco Talos has spotted, it looks like the malware campaign has specific business targets in mind. In some emails, the threat actor tried to make the message appear more legitimate by adding the footer ‘Shipped with Genius Scan for iOS’.
Masslogger was first released in April 2020, and is designed mainly to steal credentials from browsers, but it can also target messaging applications and email clients. Credentials that Masslogger steals can then be sold on the dark web, where they can fetch a high price.
The latest malware campaign that Cisco Talos spotted began in January and has mainly been seen in Turkey, Italy and Latvia. Some of the emails the attackers have sent out have been written in English, though.
The phishing message that kickstarts the scam has been tailored for whichever country it is sent out in, with the email written in the language the targeted recipient would be using. Discussing the threat, Vanja Svajcer, an outreach researcher at Cisco Talos, said: “The actor employs a multi-modular approach that starts with the initial phishing email and carries through to the final payload. The adversaries behind this campaign likely do this to evade detection. But it can also be a weakness, as there are plenty of opportunities for defenders to break the killchain.”
To stay safe from this threat, and other similar threats, you really need to be wary of any suspicious-looking emails from unfamiliar addresses. Individuals who feel they could be targeted should also carry out background memory scans and use email and web security solutions that are kept up to date and can alert users to the very latest threats.