Cybersecurity firm Proofpoint is reporting a new hacking group that targets the global shipping industry and its fears over the spread of the coronavirus. The California company has detailed how emails are being sent with the subject line ‘Coronavirus – Brief note for the shipping industry’.
The Word documents, labelled Caution on Coronavirus, that are attached in the emails feature an exploit of a 2.5-year-old vulnerability that makes it possible to install AZORult on the target. AZORult is a dangerous malware that can steal sensitive user information. The malware works on computers that have not updated Microsoft Office since November 2017.
“In these attacks, we don’t see AZORult downloading ransomware currently. However, because of AZORult’s configurable nature and past use in conjunction with ransomware that remains a real threat,” Proofpoint warned. The company was founded in 2002 by the CTO of Netscape and is now NASDAQ-listed.
Image source: Proofpoint