The Fallout Exploit Kit is Still Out There Infecting Systems With Malware
Last updated June 23, 2021
The Coronavirus pneumonia outbreak that has started from Wuhan, China on December 31, 2019, has brought severe consequences to the tech and IT world. Large companies are pulling out of the upcoming Mobile World Congress in Barcelona, Foxconn’s hardware production numbers have been greatly impacted, and the global smartphone production is expected to fall by 12% in Q1 2020, all because of the virus. Of course, crooks haven’t been sitting with their arms crossed, as they were quick to take advantage of the situation by using email to spread Emotet in Japan.
With ten days have passed since then and the situation with the virus getting more and more out of control, new actors are joining in the exploitation game. Proofpoint now reports that a new group has been using the Coronavirus threat to disrupt global shipping operations. Thus, they are indirectly affecting the industrial, financial, pharmaceutical, cosmetics, and transportation sectors. The Word documents that are attached in the emails which are sent across various shipping companies feature an exploit of a 2.5-year-old vulnerability (CVE-2017-11882) that makes it possible to install AZORult on the target. AZORult is a dangerous malware that can steal sensitive user information, so the actors are engaging in cyber-espionage.
The messages are sent to very specific addresses, demonstrating the sophistication and preparatory work done by the group. As for the content, it’s brief, urging the recipient to open the attachment which is named “Caution On Coronavirus”. If the recipient is careless enough to open the file and if their Microsoft Office suite hasn’t been updated since November 2017, then the malicious actor succeeds. Thus, if you work in the global shipping industry, you are advised to be very careful with any unsolicited messages that you may receive these days.
As we can see, the coronavirus outbreak has both a primary and a secondary impact, and both are getting worse as we move forward in time. It is all going to stop only when we finally develop a cure for it, but according to the most recent reports, we’re unfortunately not there yet. Reportedly, the Chinese have started to test a novel anti-viral drug in coronavirus patients a few days ago, while at least another 30 pharmaceutical companies are developing their own drugs and vaccines. One would assume that events like this would force companies to have their research teams collaborate, but so far, we’re seeing very little of that happening.