Malware “Voldemort” disguises itself as a Google application and steals data

by times news cr

2024-09-03 13:16:32

A new malware disguises itself as a well-known Google application and steals data. The program spreads via email.

A campaign distributing a new malware called “Voldemort” has sent more than 20,000 emails worldwide in recent weeks. This is reported by researchers from the IT security company “Proofpoint”, who first discovered the malware on August 5 and have been investigating it since then.

According to the report, “Voldemort” is characterized by a particularly sophisticated approach. The malware disguises itself as legitimate network traffic by using Google Sheets as an interface. This method makes the malware’s data traffic appear inconspicuous and thus deceives security programs.

The attackers spread the malware via phishing emails that appear to come from tax authorities. The emails contain links to supposedly important documents that are intended to trick victims into downloading a disguised file. As soon as users click on this link, a ZIP file disguised as a PDF is automatically downloaded, which then installs the actual malware in the background.

Once activated, “Voldemort” can steal data and download new malware or delete files. According to “Proofpoint”, the malware is primarily aimed at data theft, which can have serious consequences, especially for companies. Stolen data could also endanger national security interests.

The researchers point out that the campaign may be a government-affiliated attack and is probably intended for espionage. The combination of common techniques such as phishing with unusual methods such as the use of Google Sheets indicates a well-organized group.

Proofpoint recommends several protective measures against this new threat. These include restricting access to external services for data transfer (“file sharing”) and blocking connections to TryCloudflare – a free service from the company Cloudflare, which offers various services to make websites faster and more secure.
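The two network traits described above (Google Sheets used as the interface, and the TryCloudflare connections Proofpoint recommends blocking) can be hunted for in proxy logs. The following is an added example, not code from the article or from Proofpoint; the log layout, the browser allowlist and the hostnames `sheets.googleapis.com` and `*.trycloudflare.com` are assumptions, and the sample log lines are constructed.

```python
import csv
from io import StringIO

# Assumptions (not from the article): log layout, allowlist and hostnames.
# *.trycloudflare.com is the TryCloudflare tunnel domain;
# sheets.googleapis.com is the Google Sheets API endpoint.
TUNNEL_SUFFIX = "trycloudflare.com"
SHEETS_API = "sheets.googleapis.com"
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample proxy log: time, workstation, process, destination host.
SAMPLE_LOG = """\
2024-09-03T09:01:12Z,ws-014,chrome.exe,sheets.googleapis.com
2024-09-03T09:02:40Z,ws-022,explorer.exe,sample-tunnel-name.trycloudflare.com
2024-09-03T09:03:05Z,ws-022,updater.exe,SHEETS.googleapis.com.
2024-09-03T09:04:51Z,ws-031,msedge.exe,nottrycloudflare.com
2024-09-03T09:05:10Z,ws-031,curl.exe,trycloudflare.com.example.org
"""


def classify(process, dest):
    """Return a finding label for one connection, or None if unremarkable."""
    # Normalise case and a trailing root dot so trivial variants still match.
    host = dest.strip().lower().rstrip(".")
    # Match the domain itself or a true subdomain, never a lookalike string.
    if host == TUNNEL_SUFFIX or host.endswith("." + TUNNEL_SUFFIX):
        return "trycloudflare-connection"
    # Sheets API traffic from a process that is not a known browser.
    if host == SHEETS_API and process.strip().lower() not in BROWSERS:
        return "sheets-api-from-non-browser"
    return None


def triage(log_text):
    """Return (time, workstation, process, label) for each flagged line."""
    findings = []
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4:
            continue  # skip malformed lines
        ts, workstation, process, dest = row
        label = classify(process, dest)
        if label:
            findings.append((ts, workstation, process, label))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="  ")
```

The Sheets API is also called by legitimate scripts and integrations, so the second label is a triage signal to review against known software, not a verdict.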
