Open Redirect Used by Coronavirus Phishing to Spread Malware

Malware payloads are being pushed onto victims’ systems through an open redirect attack. An open redirect is a web address on a legitimate site that automatically forwards users to another, externally supplied destination; malicious actors commonly use one to send victims to phishing pages or to deliver malware payloads under the guise of legitimate services. The site abused in the latest open redirect attack discovered by researchers is the website of the US Department of Health and Human Services.
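To make the defensive point concrete, the following is an added example (not code from the page or from the affected site) showing why a redirect parameter must be validated against a strict host allowlist rather than a loose string check. The trusted hostname `www.example.gov` is a constructed placeholder, since the page names only the agency, not the host.

```python
from urllib.parse import urlparse

# Constructed placeholder for the site's own host; the page does not give the real one.
TRUSTED_HOSTS = {"www.example.gov"}


def naive_is_safe(target: str) -> bool:
    """The kind of weak check that leaves a redirect endpoint 'open':
    it only looks for the trusted domain somewhere in the string or for a
    leading slash, so protocol-relative URLs and URLs that merely mention
    the trusted domain in a query string both slip through."""
    return "example.gov" in target or target.startswith("/")


def is_safe_redirect(target: str, trusted_hosts=TRUSTED_HOSTS) -> bool:
    """Strict allowlist check for a redirect parameter.

    Accepts only (a) same-site relative paths starting with a single '/'
    (not '//' or '/\\', which browsers treat as protocol-relative), or
    (b) absolute http(s) URLs whose hostname is exactly one of the trusted
    hosts. Any other scheme (javascript:, ftp:, ...) is rejected."""
    if not target:
        return False
    # Browsers normalise backslashes to slashes, so do the same before checking.
    candidate = target.replace("\\", "/")
    if candidate.startswith("/"):
        # Relative path: reject protocol-relative forms such as //attacker.test
        return not candidate.startswith("//")
    try:
        parsed = urlparse(candidate)
        host = (parsed.hostname or "").lower()
    except ValueError:
        # Malformed URLs (e.g. unbalanced IPv6 brackets) are never safe.
        return False
    if parsed.scheme.lower() not in ("http", "https"):
        return False
    # hostname strips any userinfo, so 'trusted@attacker.test' resolves to attacker.test
    return host in trusted_hosts


def resolve_redirect(target: str, default: str = "/") -> str:
    """Return the URL the application should actually redirect to: the
    requested target if it passes the allowlist, otherwise a safe default."""
    return target if is_safe_redirect(target) else default


if __name__ == "__main__":
    for t in ["/account", "//attacker.test", "https://www.example.gov/help",
              "https://www.example.gov@attacker.test/", "javascript:alert(1)"]:
        print(f"{t!r:45} naive={naive_is_safe(t)!s:5} strict={is_safe_redirect(t)}")
```

The same allowlist logic applies to any parameter a site uses to decide where to send the browser next; the key design choice is comparing the parsed hostname for equality rather than searching for a substring.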

The attackers used the site’s redirect to link to a malicious attachment containing a file that unpacks an obfuscated VBS script. The script then downloads and executes a malware payload, the Raccoon information stealer, which was discovered almost a year ago and can steal data such as email credentials, credit card information, cryptocurrency wallets, and browser data. The malware can extract information from roughly 60 different applications, including browsers, cryptocurrency wallets, email, and FTP clients.

OODA Analyst

