Bitdefender has found a new malicious phishing campaign trying to take advantage of the recent focus on the COVID-19 Omicron variant.
The new campaign looks like a request to modify shipment information from a Proforma invoice attachment. It mentions new government rules in response to the Omicron version that the recipient should know.
GuLoader, a widely used remote-access Trojan horse downloader best known for its anti-VM skills to evade detection, is one of the phishing email attachments. This RAT will be used to spread FormBook, an information scraper that was previously discovered in worldwide phishing efforts in July and September.
Over 90% of malicious emails come from IP addresses in the United States. Although telemetry suggests paying attention to targets in Asia-Pacific, the campaign has also moved to Europe, including the United Kingdom, Germany, and the Netherlands.
It was announced that, as users travel or prepare for Christmas and New Year’s celebrations, they expect additional threat actors to piggyback on Omicron in the coming weeks. Bitdefender advises users to practice good cyber hygiene and install a solid cybersecurity solution on their devices. Namely, that they should keep the operating systems and apps up to date and never open attachments from unsolicited emails unless they verify their legitimacy.