A sophisticated phishing campaign is under way right now, aimed at spreading viruses that empty users' bank accounts: here is how to recognize the dangerous emails
A new phishing campaign aimed at delivering several dangerous viruses, including the Ursnif banking trojan, is under way right now and is targeting the operators of businesses shut down by the anti-Covid measures. The campaign relies on a sophisticated fake email that appears to come from the Ministry of Finance.
The campaign was discovered and made public on Twitter by the security researcher JamesWT, who published a lot of useful information for not falling into the hackers' trap. The phishing email is well written and carries the subject “Progetto riapertura parziale dell’ attivita economica ai fini della ripartenza dell’economia: indicazioni per le attivita” (roughly, "Project for the partial reopening of economic activity for the purpose of restarting the economy: instructions for businesses"). The sophistication of the campaign also shows in the dates: the email, sent this morning, November 17, asks the user to open an infected file as soon as possible because that file, so the hackers want people to believe, contains new anti-Covid provisions in force from November 20.
How to recognize the fake MEF email
The scam email was sent during the night and, in addition to the subject already mentioned, has decidedly deceptive text: "The Minister of Economy and Finance URGENTLY REQUESTS business owners to verify through the archive attached to this email the latest changes made to the ordinances and any correspondence of their category of activity within the new limited activity lists, and any associated modalities, in order to manage reopenings reasonably in advance."
The text is therefore written in correct Italian, even in "bureaucratese", and appears to be signed by the Minister of Economic Development, Stefano Patuanelli, which makes it very credible.
The email message contains an Excel attachment, which is the vehicle for the virus. Here, too, the attack is well done: when the file is opened, it states that "The protected document has been scanned and is virus-free. To view the document click on Enable Editing and then on Enable Content".
In reality, however, following these instructions does nothing but open the doors of your computer to the viruses that hackers are trying to spread.
What you risk with the fake MEF email
If you follow the instructions contained in the fake Ministry of Finance email, your computer will be infected with Ursnif and Gozi malware, both belonging to the ISFB family and close relatives of the well-known Emotet.
These are banking trojans, i.e. viruses that are able to finely track the PC user's behavior and steal sensitive data and access credentials to all web accounts, including banking ones, which are obviously the main target of this phishing campaign.
How to defend yourself against Ursnif and Gozi
As always happens when viruses are carried by a phishing campaign, the first way to defend yourself is not to take the bait: if you receive the fake email from the Ministry of Finance (which certainly does not send emails with directives and circulars attached to anyone), delete it immediately.
Never open attachments: they are the gateway to computer viruses. Always use a good antivirus security suite, to block virus activity in case caution wasn't enough.
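For mail administrators, the two indicators the article gives (the quoted subject line and an Excel attachment) can be checked automatically before a message reaches a mailbox. The following is an added example, not code from the article or the researcher; the function names, the extension list and the sample messages are assumptions constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string, policy
from email.message import EmailMessage

# Subject quoted in the article, verbatim (including its odd spacing).
LURE_SUBJECT = ("Progetto riapertura parziale dell’ attivita economica ai fini "
                "della ripartenza dell’economia: indicazioni per le attivita")
# Assumption: file extensions treated as "Excel attachment" for this check.
EXCEL_EXT = (".xls", ".xlsm", ".xlsb")


def normalize(text):
    """Lowercase, drop accents and punctuation so minor variants still match."""
    text = unicodedata.normalize("NFKD", str(text))
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def triage(raw_message):
    """Return the article's indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    if normalize(LURE_SUBJECT) in normalize(msg["Subject"] or ""):
        hits.append("lure-subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXCEL_EXT):
            hits.append("excel-attachment")
    return hits


def build_sample(subject, filename):
    """Constructed test message; sender, body and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "owner@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Constructed body.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()


# Constructed samples: a forwarded variant of the lure and an unrelated message.
SUSPICIOUS = build_sample(
    "Fwd: progetto riapertura parziale dell'attivita economica ai fini "
    "della ripartenza dell'economia: indicazioni per le attivita", "allegato.XLS")
BENIGN = build_sample("Fattura novembre", "fattura.pdf")
```

A message that returns both indicators is a candidate for quarantine; either one alone is common in legitimate mail and is better treated as a reason for a closer look.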