Threat Actors Target SMBs Using Government Grant Phishing Emails

Threat actors are targeting Small and Midsize Businesses (SMBs) with phishing emails in an attempt to deliver the Remcos remote access trojan (RAT). Aimed at SMBs that may be experiencing financial problems from COVID-19 shutdowns, the threat actor impersonates the US Small Business Administration (US SBA). The email closely resembles legitimate emails and processes, using the official logo and footer, though there are instances of broken English, which is often found in phishing emails. If opened, the malicious attachment – masquerading as a disaster assistance grant or testing center voucher – will launch Remcos. Successful infection will grant the attacker full control over the victim’s device and further allow theft of sensitive information. 

The NJCCIC recommends users avoid clicking on links, enabling macros, or opening attachments delivered with unexpected or unsolicited emails, and exercise caution with emails received from known contacts or trusted entities. Furthermore, we urge SMBs to educate themselves and others of this and similar attacks. Additional details can be found in the Bleeping Computer article.