CyberNews Briefs

HHS.gov Open Redirect Used by Coronavirus Phishing to Spread Malware

Malware payloads are being pushed onto victims' systems through an HHS.gov open redirect attack. An open redirect is a web address that automatically redirects users to another destination; malicious actors commonly use one to send victims to phishing pages or to deliver malware payloads under the guise of legitimate services. HHS.gov, the site abused in the latest open redirect attack discovered by researchers, is the website of the US Department of Health and Human Services.

The attackers used the HHS.gov site to link to a malicious attachment containing a file that unpacks an obfuscated VBS script. The script later downloads and executes a malware payload, the Raccoon information stealer, which was discovered almost a year ago and can steal data such as email credentials, credit card info, cryptocurrency wallets, and browser data. The malware can extract information from roughly 60 different applications, including browsers, cryptocurrency wallets, email, and FTP clients.
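A defender-side check for the link pattern described above, as an added example that is not from the original brief: it flags links on trusted-looking hosts whose query string carries a URL pointing at a different host. The hostnames, parameter names and the `.gov.example` suffix are constructed; the brief does not give the actual redirect URL.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Suffixes whose reputation a phishing link would borrow. ".gov.example" is a
# reserved-TLD stand-in used only by the constructed samples below.
TRUSTED_SUFFIXES = (".gov", ".gov.example")

def _host(url):
    """Hostname of an absolute or scheme-relative http(s) URL, else None."""
    url = url.strip().replace("\\", "/")  # browsers treat "\" like "/"
    if url.startswith("//"):
        url = "http:" + url
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def _same_site(inner, outer):
    return inner == outer or inner.endswith("." + outer) or outer.endswith("." + inner)

def find_offsite_redirects(link):
    """Return [(param, destination_host)] for query values on a trusted-looking
    link that are themselves URLs pointing at a different host."""
    parts = urlsplit(link)
    outer = (parts.hostname or "").lower()
    if not outer.endswith(TRUSTED_SUFFIXES):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded targets.
        for candidate in (value, unquote(value)):
            inner = _host(candidate)
            if inner and not _same_site(inner, outer):
                hits.append((name, inner))
                break
    return hits

# Constructed sample links, e.g. as extracted from inbound mail.
SAMPLES = [
    "https://dept.gov.example/go?url=https%3A%2F%2Ffiles.attacker.example%2Fdoc.zip",
    "https://dept.gov.example/go?url=https%253A%252F%252Ffiles.attacker.example%252Fdoc.zip",
    "https://dept.gov.example/go?next=%2F%2Ffiles.attacker.example%2Fdoc.zip",
    "https://dept.gov.example/go?url=https%3A%2F%2Fwww.dept.gov.example%2Fnews",
    "https://dept.gov.example/search?q=coronavirus",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(find_offsite_redirects(link) or "ok", link)
```

A hit means only that the link hands an off-site address to the trusted host; whether that host actually redirects has to be confirmed separately.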

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.