Rapid Ransomware Being Spread Using Fake IRS Malspam

Discussion in '0-day Release' started by silversurfer, Feb 13, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    A new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service. First detected by Derek Knight, this campaign is a mixup of countries with the IRS being a U.S. entity, the send being a UK email address, and the spam attachment being in German.

    This malspam campaign is being sent with emails subjects like "Please Note - IRS Urgent Message-164" and state that the recipient is behind in real estate taxes. It then goes on to tell the recipient to open the attachment to see a compiled report on how much is owed.

    Attached to the email is a zip file called Notification-[number].zip. Inside these zip files is a malicious word document, where a victim needs to click on Enable Editing followed by Enable Content in order for the macros to run. When the macro runs, it will download the Rapid Ransomware executable and execute it.

    Full Article: https://www.bleepingcomputer.com/news/security/rapid-ransomware-being-spread-using-fake-irs-malspam/
    Trim, Der.Reisende and RGiskardR like this.
  2. Google Adsense

Share This Page