Phishing attacks take advantage of Folding@home project

Phishing attacks take advantage of Folding@home project

Image result for phishing email banner

Folding@home project Phishing Attacks are starting to appear online! Cyber criminals are starting to send out a new phishing email which takes advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake Folding@home app that installs an information-stealing malware on the targets system.

Folding@home is a well-known computing project that enables users to download software that uses CPU and GPU cycles to look for new disease drug opportunities and also helps promote a deeper understanding of different diseases.

Since the COVID-19 outbreak is spreading all over the world, Folding@home has added more than 20 new initiatives focused on coronavirus research and people around the world have seen a significant rise in use.

Taking advantage of a good thing with targeted phishing email

Security researchers at ProofPoint have uncovered a new phishing campaign with the increase in popularity of Folding@home, which pretends to be from a coronavirus company creating a cure. The Folding@home project Phishing Attacks are currently trying to take advantage of the COVID-19 publicity.

These emails are sent out with a subject titled “Please help us with Fighting corona-virus” and say that they want you to help “speed up our process of finding the cure” by downloading and installing the Folding@home client.

Folding@home Phishing email
Folding@home Phishing email

Text Reads – Greetings from Mobility Research Inc and Folding@Thome As we all know, recently corona-virus is becoming a major threat to the human society. We are a leading institution working on the cure to solve this world-wide crisis. However, we need your help. With your contribution, you can speed up our process of finding the cure. The process is very simple, you will need to install an app on your computer, which will allow us to use it to run simulations of the cure.

Embedded in the phishing email is a “Download now” button that installs a file called foldingathomeapp.exe. This is the redline information-stealing trojan.

“RedLine Stealer is new malware available for sale on Russian underground forums with several pricing options: $150 lite version; $200 pro version; $100 / month subscription option. It steals information from browsers such as login, autocomplete, passwords, and credit cards. It also collects information about the user and their system such as the username, their location, hardware configuration, and installed security software. A recent update to RedLine Stealer also added the ability to steal cryptocurrency cold wallets,” ProofPoint states in their report.

When enabled, the malware can connect to a remote server to receive commands about what types of data the victim has stolen. Such instructions are sent using the message protocol SOAP as seen in the picture below.

RedLine getting instructions
RedLine getting instructions – source bleeping computer

 

This malware will rob browsers of saved login credentials, credit cards, cookies, and auto-complete fields. Also, it can collect data from FTP and IM clients, steal files, download files, execute commands, and send back machine information.

You can see an example of this malware in action in an Any.run session performed by security researcher James.

Since this malware may steal a large amount of information, anyone who has fallen victim to this scam should conduct a scan with antivirus software immediately.

They will also change passwords on any online accounts they visit because they could now be in the attackers ‘ hands. This will be done from another device before they are confident they have cleaned their contaminated device.

It should also be remembered that Folding@home is a great project and it doesn’t mean it should be avoided only because people are doing scams in their name.

Just be sure to download the Folding@home client only from the legitimate site.

Please check out our Security Awareness Training service to see how we can help educate your employees!

Posted on