Please be advised that scammers use reports of recent disasters, such as the recent Boeing 737 Max crash, to spread malware. With respect to this crash, spam messages appear to come from a purported private intelligence analyst, “info@isgec.com”, who claims to share information found on the dark web about other airlines that will soon be impacted by similar crashes. The email asks recipients to forward it to loved ones. It carries a JAR file attachment which, if opened, is believed to install the Houdini H-worm remote access trojan (“H-Worm RAT”), which can give a malicious actor remote control of a device, and Adwind, an information-stealing trojan.
Recommendations:
- Refrain from forwarding unsolicited emails to others
- Do not open unexpected attachments
- Do not click embedded links in unexpected email messages
- When in doubt, confirm the legitimacy of a message with the sender via a trusted means of communication, such as a known phone number