Watch out for the new malware named “Lebal”, which spreads through phishing emails
The Lebal malware was detected in the very first week of January 2018, when researchers found more than 300 phishing emails. The emails targeted big companies and organizations in order to drop the Lebal malware onto their systems.
According to reports, the emails were sent from an IP address in Sao Paulo, Brazil. Comodo Threat Research Labs then announced that a data-stealing malware was being distributed and had already hit five universities, 23 private companies, and a few government entities. Security experts warned that this threat could go on to affect more high-profile organizations.
Lebal malware spreads through phishing FedEx emails containing a link to the executable
Lebal attacks in a fairly sophisticated manner and is unlike the usual malicious email attachment. It is good at getting past security controls because it hides behind several layers. The malware is not attached to the email itself. Instead, the victim first receives a phishing email posing as a notice from FedEx that a parcel delivery has failed and the package has to be collected manually. The email contains a Google Drive link to a document that the user is supposedly meant to print and bring along to collect the package; that document is in fact the Lebal dropper. Many users click the link out of curiosity, and the Lebal malware ends up on their computer.
The link looks legitimate: it uses HTTPS, the browser shows its secure-connection indicator, and it lands on drive.google.com, so the user gets no hint of any threat. Note that neither of those says anything about the content: HTTPS only protects the transport, and Google Drive is a legitimate service being abused to host the file. The malware hides inside what appears to be an Adobe Acrobat document. Once the user opens the file, it quickly downloads the “Lebal copy.exe” file and immediately executes it on the targeted system.
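As an added illustration (not code from the original article or from Comodo's research), here is a Python script with two checks a mail gateway or an analyst could run against the lure described above: flagging a courier-branded "delivery failed" message whose link points at a file-sharing host rather than the courier, and checking that a downloaded file's magic bytes match what its name claims (a PDF starts with `%PDF-`, a Windows executable with `MZ`). HTTPS on the link is deliberately not treated as a sign of safety. The sample email, the brand and hostname lists, the lure phrases and the file bytes are all constructed for this example and are not real captures.

```python
"""Added example: two checks against the FedEx/Google Drive lure pattern.

Everything below (sample email, lists of brands/hosts/phrases, file bytes)
is constructed for illustration; none of it is a real capture or sample.
"""
import re
from email import message_from_string
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample of the lure described in the article (not a real email).
SAMPLE_EMAIL = """\
From: FedEx Delivery <notice@fedex-delivery.example>
To: victim@example.org
Subject: FedEx: parcel delivery failed

Your parcel could not be delivered. Print the attached notice and bring it
to your nearest office to collect your package:
https://drive.google.com/file/d/EXAMPLEFILEID/view
"""

# Assumed lists; a real deployment would tune these.
COURIER_BRANDS = ("fedex", "ups", "dhl", "usps")
FILE_SHARING_HOSTS = ("drive.google.com", "docs.google.com", "dropbox.com", "1drv.ms")
LURE_PHRASES = ("delivery failed", "could not be delivered", "collect your package")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def phishing_indicators(raw_email: str) -> List[str]:
    """Return the indicators found in one RFC 822 message (empty list = none)."""
    msg = message_from_string(raw_email)
    subject = (msg.get("Subject") or "").lower()
    sender = (msg.get("From") or "").lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{subject}\n{body}".lower()

    found = []
    # Whole-word match so "ups" does not fire on "groups".
    brand = next((b for b in COURIER_BRANDS
                  if re.search(rf"\b{b}\b", subject + " " + sender)), None)
    if brand and any(p in text for p in LURE_PHRASES):
        found.append(f"courier lure: {brand} delivery-failure wording")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        # The scheme (http/https) is ignored on purpose: it proves nothing.
        if brand and any(host == h or host.endswith("." + h) for h in FILE_SHARING_HOSTS):
            found.append(f"brand/link mismatch: {brand} mail links to {host}")
    return found


# Magic bytes checked against the file name's claimed type.
MAGIC = (
    (b"MZ", "windows executable (PE)"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip-based (docx/xlsx/jar)"),
)
DOC_EXTS = (".pdf", ".doc", ".docx", ".txt")
EXE_EXTS = (".exe", ".scr", ".com", ".dll")


def detect_type(data: bytes) -> str:
    """Classify content by its leading bytes."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


def masquerade_mismatch(filename: str, data: bytes) -> Optional[str]:
    """Describe how the name and content disagree, or None if they agree."""
    name = filename.lower()
    actual = detect_type(data)
    stem, _, last_ext = name.rpartition(".")
    if any(stem.endswith(d) for d in DOC_EXTS) and ("." + last_ext) in EXE_EXTS:
        return f"{filename!r} uses a document extension in front of an executable one"
    if name.endswith(".pdf") and actual != "pdf":
        return f"{filename!r} claims PDF but content is {actual}"
    if actual == "windows executable (PE)" and not name.endswith(EXE_EXTS):
        return f"{filename!r} hides a Windows executable behind a non-executable name"
    return None


# Constructed file contents: a PE-like header stub and a minimal PDF header.
PE_SAMPLE = b"MZ\x90\x00" + b"\x00" * 60
PDF_SAMPLE = b"%PDF-1.7\n% constructed sample, not a real document\n"

if __name__ == "__main__":
    for hit in phishing_indicators(SAMPLE_EMAIL):
        print("email:", hit)
    print("file:", masquerade_mismatch("Lebal copy.pdf", PE_SAMPLE))
```

The email check fires on the combination, not on any single feature: a courier brand in the headers, failed-delivery wording, and a link whose host is a file-sharing service instead of the courier's own domain. The file check catches the other half of the chain, a file presented as a document whose bytes are actually a Windows executable.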
Lebal malware is aimed at stealing users' private information and cryptocurrency wallet data
The main purpose of the Lebal malware is to steal the individual's personal details stored by the browser, such as cookies and login credentials. It also harvests email contacts in order to spread the malware further.
It also goes after cryptocurrency owners, collecting details about their digital wallets such as Bitcoin, Electrum and similar ones. In addition, the malware's authors target FTP clients, for instance FileZilla and WinSCP, to fetch the connection details these clients store.
This is how Lebal attempts to steal all of the targeted user's crucial data and send the collected information to its command and control (C2) server. The collected data is then used for various illegal actions and frauds.
Users may have no idea that such malicious activity is going on, because the malware is capable of disabling the security of the targeted computer by turning off the firewall and other running security applications. Thus, users should be very careful with such emails. If you receive an email about a package delivery, an invoice or anything similar that you were not expecting, do not open it or follow its links. Such things can lead to large losses of money, confidential data and fraud.