Scammers exploiting Kaseya ransomware attack to deploy malware
A phishing campaign that claims to offer a security update for Kaseya’s VSA software is actually attempting to install malware. The ransomware attack against IT firm Kaseya is being taken advantage of by cybercriminals. Cybercriminals are deploying spam to infect computers with Cobalt Strike-delivered malware.
The phishing email sent claims to offer a way to fix the security flaw with Kaseya. The email carries a file attachment named SecurityUpdates.exe. The attached file contains malware attached to testing tool Cobalt Strike. Cobalt Strike was created for organizations to be able to test their internal security, but it has been utilized by cybercriminals instead to install malware onto victim’s computers. The group responsible for the attack is not confirmed.