Phishing Emails Claim to be from WHO Director-General
NJCCIC Alert
Original Release Date: 2020-03-27
A new phishing campaign delivers emails purportedly from the Director-General of the World Health Organization (WHO) Tedros Adhanom Ghebreyesus. The emails contain an attachment, named CURE.exe, that supposedly includes information on drugs for the prevention and treatment of COVID-19. The .exe file attachment contains a .NET executable that downloads the HawkEye trojan. HawkEye is an information stealer that logs keystrokes and captures screenshots. The data is sent back to the threat actors via encrypted email. A similar phishing campaign is targeting NJ State employees with these same lures, but instead using a malicious Word document to deliver HawkEye.
The NJCCIC recommends users exercise caution with COVID-19-themed emails, social media posts, and links. More information on this campaign is found in the IBM X-Force post.
Featured Content
- Widespread Exploitation of Microsoft Exchange Vulnerabilities>
- Protecting Against Tech Support Scams>
- PATCH NOW: Critical Vulnerabilities in F5 Software>
- Is Seeing Believing? A Look into Deepfakes>
- Threat Highlight: Impersonation Scams>
- Gootloader Malware Platform Uses Sophisticated Techniques to Deliver Malware>
- Patch Now: Severe Vulnerabilities in Microsoft Exchange Server>
- Event: JerseyCTF, April 10th & 11th, 2021>
- Beware of Tax Scams>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.