A new phishing scam is duping unsuspecting victims with enticing links promising access to President Trump’s alleged health records and top-secret COVID-19 treatment information. In reality, these misleading links are triggering downloads that sneak a new, dangerous form of malware onto the PCs of unsuspecting truth-seekers.
The ProofPoint cybersecurity firm discovered the scam soon after news of Trump’s COVID-19 diagnosis broke. According to the firm’s report, clicking the fake link infects your PC with the “BazaLoader” trojan. BazaLoader is a “first-stage downloader” that allows hackers to view files on the victim’s PC and install other malware remotely. It can even grant access to other devices on the same local network, putting your family, roommates, or coworkers at risk even if they don’t download anything.
BazaLoader is a massive threat on its own, but this scam uses the trojan to distribute a new, unknown type of malware. Researchers are looking into everything this new malware can do.
This is the latest coronavirus and 2020 US election-related phishing campaign in a year chock-full of similar scams, and it’s a safe bet more will surface in the coming weeks.
To protect yourself, Proofpoint recommends using anti-malware software and common-sense data security practices; in other words, don’t open messages from unknown addresses making claims about “top secret” information, and definitely don’t click on random links or download unexpected attachments.
If you’re reading this post, chances are you know these tips already, but it’s a good idea to give your family and friends a heads up about these phishing scams, too. We assume that most astute Lifehacker readers are safe from these obvious tricks, but there are plenty of people whose political fervor might outweigh their logic.
Not everyone pays attention to the latest malware threats, and we all know someone who will find a subject line like “Trump’s Top Secret Coronavirus treatment information” irresistible. Remind them that the dumpster fire of 2020 has left all of us with questions, but clicking on a random email link, internet ad, or Facebook post won’t provide any answers. It just puts everyone who uses the same network at risk.
If you want to help, aid them in installing anti-malware software and getting their security practices in check. We even have recommendations for simple video and screen-sharing apps you can use to assist your less-tech-savvy friends and loved ones while maintaining social distance.