
New Harry Potter malware attacks reveal global espionage campaign


Security researchers have detected a new malware family suspected of being used for espionage. The attackers infect devices by impersonating government agencies, typically tax authorities such as the Internal Revenue Service (IRS). Once on a computer, the malware can gather intelligence (personal data, passwords, and more), download additional malware, and upload data to the attackers' server. It does all of this through Google Sheets, which both stores the stolen data and lets the traffic blend in with normal business use.


It all starts with a fake email

The hackers behind the malware, which researchers have named "Voldemort," have designed it carefully to avoid detection. Just as the name Voldemort in J.K. Rowling's Harry Potter series means trouble, it is also causing problems in the world of cybersecurity.

The attack begins when you receive an email that appears to come from a government tax agency. The hackers behind this campaign impersonate tax authorities in several countries, including the US (IRS), the UK (HM Revenue & Customs), France (Direction Générale des Finances Publiques), Germany (Bundeszentralamt für Steuern), Italy (Agenzia delle Entrate), and, as of August 19, India (Income Tax Office) and Japan (National Tax Office). Each email lure is customized and written in the language of the impersonated tax authority.

Proofpoint analysts found that the hackers tailored phishing emails to the target's country of residence as found in publicly available information, rather than to the organization's location or the language suggested by the email address. For example, some targets at an organization in Europe received emails impersonating the IRS because public records linked them to the U.S. In some cases, the hackers got the target's country wrong because the target shared a name with a better-known person.

The sender address is also crafted to look like it belongs to the agency. For example, fake emails sent to US residents came from "no_reply_irs(.)gov@amecaindustrial(.)com": the agency's domain appears in the part before the "@", but the actual sending domain is an unrelated one.

The attack is cleverly carried out on your device

In the fake email, hackers impersonating the government warn you about changes to tax rates and tax systems and ask you to click on a link to read a detailed guide. Clicking on the link takes you to a landing page that uses Google AMP Cache URLs to redirect you to a page with a “Click to view document” button.

After you click the button, the page checks whether you are using a Windows device. If you are, you are redirected to another page. Interacting with that page triggers a download that appears as a PDF file in your PC's download folder, but is actually an LNK (Windows shortcut) or ZIP file hosted on an external server.

When you open the file, it runs a Python script directly from a remote server, so the script itself is never saved to your computer. The script opens a decoy PDF to hide the malicious activity while collecting system information to profile you.
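The download described above works because Windows Explorer never shows a trailing ".lnk", so "Guide.pdf.lnk" is displayed as "Guide.pdf". The following added example (not code from the original article or from Proofpoint) shows the check a practitioner would apply instead of trusting the name: read the file's leading bytes and compare them with the extension the user sees. The sample files are constructed in memory for illustration.

```python
"""Spot a 'PDF' that is really a Windows shortcut (LNK) or a ZIP archive
by checking the file's leading bytes rather than its name.

Added example, not code from the original article or from Proofpoint.
The sample files below are constructed in memory for illustration."""

import os

# Leading bytes that identify each format. The LNK value is the fixed
# ShellLink header: HeaderSize 0x4C, then the LinkCLSID
# {00021401-0000-0000-C000-000000000046} in its on-disk byte order.
MAGIC = {
    "pdf": b"%PDF-",
    "lnk": bytes.fromhex("4c000000" "01140200" "0000" "0000" "c000000000000046"),
    "zip": b"PK\x03\x04",
}


def sniff_type(data: bytes) -> str:
    """Return 'pdf', 'lnk', 'zip' or 'unknown' based on the first bytes."""
    for kind, magic in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def displayed_name(filename: str) -> str:
    """Name as Windows Explorer shows it: a trailing .lnk is never
    displayed, so 'Guide.pdf.lnk' appears as 'Guide.pdf'."""
    base = os.path.basename(filename)
    if base.lower().endswith(".lnk"):
        base = base[:-4]
    return base


def assess_download(filename: str, data: bytes) -> dict:
    """Compare what the user sees with what the bytes say.

    verdict is 'ok' when the visible extension matches the content,
    'disguised' when a file shown as .pdf is really an LNK or ZIP,
    and 'mismatch' for any other disagreement."""
    shown = displayed_name(filename)
    ext = shown.rsplit(".", 1)[-1].lower() if "." in shown else ""
    actual = sniff_type(data)
    if actual == ext:
        verdict = "ok"
    elif ext == "pdf" and actual in ("lnk", "zip"):
        verdict = "disguised"
    else:
        verdict = "mismatch"
    return {"shown_as": shown, "actual": actual, "verdict": verdict}


# Constructed samples: a genuine PDF header, an LNK header padded to its
# fixed 76-byte size, and a ZIP local-file header.
REAL_PDF = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n"
FAKE_PDF_LNK = MAGIC["lnk"] + b"\x00" * (0x4C - len(MAGIC["lnk"]))
FAKE_PDF_ZIP = MAGIC["zip"] + b"\x14\x00\x00\x00\x08\x00"

if __name__ == "__main__":
    for name, blob in [("Tax_Guide.pdf", REAL_PDF),
                       ("Tax_Guide.pdf.lnk", FAKE_PDF_LNK),
                       ("Tax_Guide.pdf", FAKE_PDF_ZIP)]:
        print(name, assess_download(name, blob))
```

Checking leading bytes rather than the extension is the same trick that mail gateways and EDR agents use; on a real system you would run assess_download over each new file in the Downloads folder and quarantine anything marked "disguised".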

Voldemort uses Google Sheets to store data

Once the malware successfully infects your Windows device, it can:

Ping: check whether the control server is still reachable
Dir: list the files and folders on your system
Download: send files from your system to the control server
Upload: place files from the control server on your system
Exec: run specific commands or programs on your system
Copy: copy files or folders on your system
Move: move files or folders within your system
Sleep: pause its activity for a set period of time
Exit: stop running on your system

The malware uses Google Sheets as its command center, where it receives new instructions and stores stolen data. Each infected device sends its data to specific cells in the Google Sheet, which are marked with unique IDs to keep everything organized.

Voldemort talks to Google Sheets through Google's API using a client ID, client secret, and refresh token embedded in its encrypted configuration. This gives the malware a reliable channel that is hard to block: Google Sheets traffic is common in business environments, so security tools cannot simply deny it without breaking legitimate use.
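Because the destination itself cannot be blocked, the practical detection angle is which process is talking to it. The added example below (not code from the original article or from Proofpoint) runs that logic over constructed proxy-style log lines: it flags any process outside an assumed allow-list of browsers that reaches the Sheets API, and raises the severity when the same process also redeems an OAuth token directly at Google's token endpoint and writes to a spreadsheet, which is the pattern the article describes. The log format, hostnames of the workstation, process names and sheet IDs are constructed; oauth2.googleapis.com and sheets.googleapis.com are Google's real API endpoints.

```python
"""Flag processes that use the Google Sheets API the way the article
describes: a non-browser process that redeems an OAuth refresh token at
Google's token endpoint and then reads from and writes to a spreadsheet.

Added example, not code from the original article or from Proofpoint.
The log format and the log lines are constructed for illustration."""

import re
from collections import defaultdict
from urllib.parse import urlsplit

TOKEN_HOST = "oauth2.googleapis.com"
SHEETS_HOST = "sheets.googleapis.com"

# Processes expected to reach Google APIs directly on a workstation
# (assumed allow-list; tune it to your environment).
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "googledrivefs.exe"}

# Constructed line format: timestamp host=... proc=... method=... url=...
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"method=(?P<method>[A-Z]+) url=(?P<url>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["proc"] = rec["proc"].lower()
    parts = urlsplit(rec["url"])
    rec["netloc"] = parts.netloc.lower()
    rec["path"] = parts.path
    return rec


def find_sheets_c2(lines):
    """Return alerts keyed by (host, process).

    A process is flagged when it is not an expected client and reaches the
    Sheets API. Severity is 'high' when it also hit the token endpoint
    (refresh-token exchange) and wrote to the sheet, otherwise 'medium'."""
    by_proc = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_proc[(rec["host"], rec["proc"])].append(rec)

    alerts = {}
    for (host, proc), recs in by_proc.items():
        if proc in EXPECTED_CLIENTS:
            continue
        sheet_hits = [r for r in recs if r["netloc"] == SHEETS_HOST]
        if not sheet_hits:
            continue
        token_hits = [r for r in recs
                      if r["netloc"] == TOKEN_HOST and r["path"] == "/token"]
        writes = [r for r in sheet_hits if r["method"] in ("POST", "PUT")]
        reasons = [f"{proc} is not an expected Google API client"]
        if token_hits:
            reasons.append("redeemed an OAuth token directly at /token")
        if writes:
            reasons.append(f"{len(writes)} write(s) to a spreadsheet")
        severity = "high" if token_hits and writes else "medium"
        alerts[(host, proc)] = {"severity": severity,
                                "sheet_requests": len(sheet_hits),
                                "reasons": reasons}
    return alerts


# Constructed sample log: a browser using Sheets normally, a python.exe
# process behaving like the beacon, and unrelated Outlook traffic.
SAMPLE_LOG = """\
2024-08-20T10:15:01Z host=WS-042 proc=chrome.exe method=GET url=https://sheets.googleapis.com/v4/spreadsheets/1AbC/values/Sheet1!A1:D20
2024-08-20T10:15:09Z host=WS-042 proc=python.exe method=POST url=https://oauth2.googleapis.com/token
2024-08-20T10:15:10Z host=WS-042 proc=python.exe method=GET url=https://sheets.googleapis.com/v4/spreadsheets/9XyZ/values/Sheet1!A1:B1
2024-08-20T10:15:11Z host=WS-042 proc=python.exe method=PUT url=https://sheets.googleapis.com/v4/spreadsheets/9XyZ/values/Sheet1!C1
2024-08-20T10:16:10Z host=WS-042 proc=python.exe method=GET url=https://sheets.googleapis.com/v4/spreadsheets/9XyZ/values/Sheet1!A1:B1
2024-08-20T10:17:02Z host=WS-042 proc=outlook.exe method=GET url=https://outlook.office365.com/owa/
"""


def demo():
    """Run the detection over the constructed sample log."""
    return find_sheets_c2(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for (host, proc), alert in demo().items():
        print(host, proc, alert["severity"], "; ".join(alert["reasons"]))
```

The allow-list is the weak point of this rule: a legitimate automation script will also trip it, so treat a "medium" alert as a prompt to look at the process, and a "high" one (token exchange plus spreadsheet writes from something that is not a browser) as worth an immediate look at where that process came from.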


4 ways to protect yourself from malware attacks

Hackers are releasing increasingly sophisticated malware, but that doesn’t mean you’re defenseless. Here are some tips to help protect yourself from these types of attacks.

1) Read sensitive emails carefully: The best way to spot fake emails that deliver malware is to read them closely. Hackers may be technically skilled, but their language skills are often not, and the lures in this campaign contained spelling errors such as "Taxplayers" instead of "Taxpayers." Government agencies do not usually make mistakes like that.

2) Check the email domain: Verify that the sending domain, the part after the "@", matches the organization the email claims to represent. An email from the IRS should come from an address ending in "@irs.gov," not from an unrelated domain with "irs.gov" tucked into the part before the "@". Watch for minor typos or variations in the domain as well.

3) Invest in data removal services: Hackers target you based on your publicly available information. This could be anything from your information leaked through a data breach to information you provided to an ecommerce store. Check out my top picks for data removal services here.

4) Use strong antivirus software: Reputable antivirus software can protect you when you receive one of these scam emails and accidentally open an attachment or click a link, and it can warn you about phishing emails and ransomware. Install it on all of your devices; see my picks for the best antivirus protection of 2024 for Windows, Mac, Android and iOS.
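Tip 2 above is easy to automate, and the spoofed address quoted earlier in this article is the case it has to catch. The following added example (not code from the original article) looks only at the domain after the last "@", treats subdomains of the real agency domain as genuine, and explains why an address failed: the agency's domain hidden in the part before the "@", a lookalike domain, or simply the wrong domain. The sample From headers are constructed; irs.gov is the IRS's real domain.

```python
"""Decide whether a From address really belongs to the agency it claims.

Added example, not code from the original article. Sample headers are
constructed for illustration; irs.gov is the IRS's real domain."""

import re
from email.utils import parseaddr


def _squash(s: str) -> str:
    """Lower-case and drop everything but letters and digits, so
    'no_reply_irs.gov' and 'irs-gov' both compare as containing 'irsgov'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def check_sender(from_header: str, expected_domain: str) -> dict:
    """Return a dict with 'verdict' ('ok', 'spoofed' or 'invalid'),
    the sending 'domain', and a human-readable 'reason'."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return {"verdict": "invalid", "domain": "",
                "reason": "no usable address in From header"}
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower()
    expected = expected_domain.lower()

    # Exact match or a subdomain of the real agency domain is genuine.
    if domain == expected or domain.endswith("." + expected):
        return {"verdict": "ok", "domain": domain,
                "reason": f"sent from {domain}"}

    if _squash(expected) in _squash(local):
        reason = (f"agency domain hidden in the local part; "
                  f"real sending domain is {domain}")
    elif _squash(expected) in _squash(domain):
        reason = f"lookalike domain {domain} does not match {expected}"
    else:
        reason = f"sending domain {domain} is not {expected}"
    return {"verdict": "spoofed", "domain": domain, "reason": reason,
            "display_name": display}


# Constructed sample headers: the campaign's trick, a lookalike domain,
# a genuine subdomain, an unrelated domain, and a header with no address.
SAMPLES = [
    "IRS <no_reply_irs.gov@amecaindustrial.com>",
    "Internal Revenue Service <notices@irs-gov.com>",
    "IRS <noreply@notifications.irs.gov>",
    "Tax Office <taxes@example.net>",
    "irs.gov",
]

if __name__ == "__main__":
    for header in SAMPLES:
        result = check_sender(header, "irs.gov")
        print(f"{result['verdict']:8} {header!r}: {result['reason']}")
```

One caveat: the From header itself can be forged outright, and this check cannot tell a forged "@irs.gov" from a real one. That job belongs to the receiving mail server's SPF, DKIM and DMARC validation; what this check catches is the cheaper trick used here, where the attackers did not forge the domain at all but dressed up the local part instead.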


Kurt’s main takeaway

Researchers cannot attribute the malware with certainty, but many of its techniques resemble those used by groups suspected of espionage. Even if that assessment turns out to be wrong, the scale and sophistication of the attack are alarming. Anyone without technical knowledge could easily fall victim and lose personal data and money. The attack specifically targets Windows users, which raises questions about Microsoft's security framework.


Copyright 2024 CyberGuy.com. All rights reserved.