No, the government isn’t fining you for a traffic offense — it’s malware

New malware campaign observed targeting oil and gas companies

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

No, your company’s vehicle wasn’t involved in a car crash, and you’re not getting a five-figure fine for it from the government - it’s all an elaborate scheme to get you to install information-stealingmalwareon your computer, experts have warned.

Cybersecurity researchers from the Cofense Intelligence Team recently published a newblogin which they detailed a new phishing campaign that reaches its targets “at an alarming rate”.

In this campaign, the attackers are deploying a creative lure, and pairing it with multiple cloak-and-dagger methods to bypass email protection solutions. Furthermore, they are impersonating the Federal Bureau of Transportation to scare the victims into downloading and running the attachment.

Open redirects and impersonation

In the campaign, the unnamed attackers tell their victims that a company car was involved in an accident. The victims are mostly in the Oil and Gas sector, although Cofense isn’t sure exactly why. They speculate that the attackers could pivot to other industries rather fast, and will probably do that soon.

The phishing email comes with an embedded link that abuses open redirects, a vulnerability that allows an attacker to use a legitimate website as a stepping stone towards the malicious one. In this campaign,Google MapsandGoogleImages are being leveraged. The embedded link then redirects to a URL shortener, which then opens a site that hosts a PDF file.

This file is seemingly from the Federal Bureau of Transportation, and mentions a possible fine of $30,000 for the incident. It also comes with a clickable image, which triggers the download of a .ZIP file which hosts the Rhadamanthys Stealer. As soon as the file is run, it establishes a connection to the command and control (C2) server, and grabs the victim’s login credentials, cryptocurrency wallet data, and other sensitive files.

As usual, the best way to defend against these attacks is to use common sense and think twice before downloading and running email attachments.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics