In this new malware email scam, crooks left behind some telltale tricks of the trade. Instead of inciting a sense of fear, urgency, or guilt in the target, this concise email simply asks for your anonymous opinion about Black Lives Matter. It doesn’t ask for personal or financial information, and it doesn’t offer a reward for participation.
The scam uses the Black Lives Matter tagline to lure in unsuspecting victims. Instead of taking a political stance, it casts a wide net by simply asking for the target’s opinion. Example subject lines include “Give YOUR Feedback Anonymous about Black Lives Matter” or “Speak Out Confidentially about Whose Lives Matter.” The body of the message contains just two sentences. The first prompts the target to give their anonymous opinion, or to anonymously tell the government what they think. The second is a description of the file attached to the email, such as “claim in attached file,” “content included,” “form in attached file,” “statement included,” and similar short remarks. Attached to the brief email is a file with a name that begins with “e-vote form.”
The malware embedded in the file is written in Visual Basic for Applications (VBA), the programming language used for macros in Word documents. It is a specific kind of malware called zombie malware, named Trickbot. Zombie malware is designed specifically so that crooks can reprogram its behavior. This kind of malware is very flexible and can cause a wide range of mischief on your computer. To protect against VBA malware, programs like Microsoft Office are set up with macros turned off by default. That is why, when you download the e-vote form, it will prompt you to enable editing, and then to enable content. The VBA is hidden within the content, and when the Office program runs with content enabled, the zombie malware infects the device and gains full access to it. Unlike JavaScript, which is confined to a browser, VBA is not contained by the program that runs it.
Although many of the usual warning signs are left out, this particular scam still waves some of the typical red flags of email scams. First, the email is unsolicited, from an unknown source, and contains an attachment. DO NOT OPEN ATTACHMENTS FROM UNEXPECTED AND UNSOLICITED EMAILS. Follow this classic safety tip and you will not fall victim to this malware attack.
Second, unless you know exactly what the document you have downloaded is, do not turn off security features just because the document tells you to. Third, when choosing anti-virus software, pick one with behavior-blocking and web filtering features.
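For mail administrators, the macro check described above can be done before a user ever sees the "enable content" prompt. The following is an added example, not part of the original article: it scans a raw email for attachments that carry a VBA project. The sample message, the `.docm` extension, and all function names are constructed for illustration, and the legacy-format check is a heuristic.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container

def has_vba_macros(data: bytes) -> bool:
    """Return True if the bytes look like an Office file carrying a VBA project."""
    if data.startswith(OLE_MAGIC):
        # Heuristic for legacy files: stream names are stored as UTF-16LE,
        # and macro-bearing files contain a "_VBA_PROJECT" stream.
        return "_VBA_PROJECT".encode("utf-16-le") in data
    if zipfile.is_zipfile(io.BytesIO(data)):
        # Modern .docx/.docm/.xlsm files are ZIP archives; macros live in vbaProject.bin.
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return any(n.lower().endswith("vbaproject.bin") for n in archive.namelist())
    return False

def macro_attachments(raw_email: bytes) -> list[str]:
    """List the filenames of attachments that contain VBA macros."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if has_vba_macros(data):
            flagged.append(part.get_filename() or "(unnamed)")
    return flagged

def build_sample_email(with_macro: bool) -> bytes:
    """Constructed sample: a tiny ZIP shaped like a Word file, with placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample message"
    msg.set_content("form in attached file")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="e-vote form sample.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(build_sample_email(with_macro=True)))
    print(macro_attachments(build_sample_email(with_macro=False)))
```

A flagged attachment is a reason to quarantine the message, not proof of malice; legitimate documents also use macros.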