APT group Gamaredon adopts COVID-19 lures to spread malware

Summary

Gamaredon drops emails with malicious attachments that inject malicious macros codes, evades detection. Some of these emails use COVID-19 lures as well.

The Carrier

  • Trend Micro has identified emails, with subjects such as “Coronavirus (2019-nCoV)“, which contain malicious attachments in docx format.
  • Some of these emails use COVID-19 lures, to capitalize on the Coronavirus panic, which makes people more susceptible to opening such emails and attachments.
  • The malware attachments use the Gamaredon group’s tactics.

Table of Contents

Request an easy and customized demo for free