Threat actors impersonating Zoho have sent BleepingComputer a copyright infringement complaint noting that the site has been using copyrighted images and that the proof of the violation could be checked through a Yandex Forms link, instead of Google Drive or Google Sites.
BleepingComputer reports that fake copyright infringement warnings using Yandex Forms are being leveraged for IcedID malware distribution.
These reports allegedly contain proof of DDoS attacks or copyrighted material used without permission but instead infect a target’s device with various malware, including BazarLoader, BumbleBee, and IcedID.
Clicking the Yandex Forms link in the complaint would redirect to a webpage with a “File ‘Stolen Images Evidence’ is ready for download” message that would eventually result in the download of an ISO file with the “Stolen_ImagesEvidence.iso” filename.
Users double-clicking on the downloaded file will be shown a new drive letter with a “documents” folder and a random DLL file, with the folder being a Windows shortcut that would trigger the execution of a malicious DLL loader for IcedID upon double-clicking.
Individuals receiving copyright complaints have been advised to be more vigilant and leverage VirusTotal for suspicious file scanning.
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
- Online disclosure of 5+ million Twitter users’ stolen information - 30 November 2022
- U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer - 29 November 2022
- Researchers Quietly Cracked Zeppelin Ransomware Keys - 23 November 2022