Attackers are now taking advantage of Middle East Respiratory Syndrome (MERS) reports in South Korea for their own cyberattack campaigns. According to Symantec attackers are spreading MERS-themed emails in order to compromise their targets’ computers with Trojan.Swort.
Symantec Security Response recently came across a malware campaign that took advantage of the MERS outbreak to attract the attention of its targets. A few days ago, Symantec gathered a malicious sample from external sources. The malware appears to have been spread through emails and is a simple .exe file that poses as a Microsoft Word document. The file name is written in Korean and translates as “MERS_List of hospital and infected patient.docx.exe”.
During analysis of the sample, it was confirmed that it is not a sophisticated threat. Instead, it is a simple downloader that was detected as Trojan.Swort. The research found that the remote host which the malware is configured to connect to is not responding.
Last year, attackers used the theme of the Ebola virus as bait to spread malware. Attackers have historically used major news stories as themes for their campaigns in attempts to trick targets into opening malicious attachments or links. They may use local news themes as bait when targeting a particular region. However, MERS is quickly becoming a global concern, considering its reported spread to other Asian countries. According to Symantec there will be more cyberattacks piggybacking on the incident through spam emails, phishing, and spear-phishing attacks.