Researchers often get emails asking them to review papers. That’s normal. But sometimes these emails are fake. Scammers just want to use your name or, worse, hack your computer. This news article is about one of the latter attempts.
Thanks to the AhnLab SEcurity intelligence Center (ASEC) for this warning.
The Kimsuky phishing group is sending out requests for paper reviews to professors at a number of universities all over the world. You might receive one of those. The email prompts the recipient to open an HWP document with a malicious attachment. The document is password-protected, and the recipient has to enter the password provided in the email body to view it. When the document is opened, six files are automatically created in the temporary folder. To further prompt the user to check the content, the document body includes a “More…” phrase containing a hyperlink that executes “peice.bat”, one of the files created.
It then performs some actions to hide its tracks. After that, it starts AnyDesk, which gives the criminals unrestricted access to your computer.
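For defenders who collect process-creation logs, the chain described above (a document viewer launching a batch file from the temporary folder, followed by AnyDesk starting) can be turned into a simple correlation rule. The sketch below is an added example, not code from ASEC or CERT-UT; the event fields, host names, paths, timestamps, the viewer process name `Hwp.exe` and the 10-minute window are all assumptions or constructed sample data.

```python
import re
from datetime import datetime, timedelta

DOC_APPS = {"hwp.exe"}          # assumption: process name of the HWP viewer
WINDOW = timedelta(minutes=10)  # assumption: correlation window

# Constructed process-creation events (fields loosely modelled on Sysmon Event ID 1).
FIELDS = ("host", "time", "parent", "image", "cmdline")
EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("PC-01", "2024-01-10T09:00:05", r"C:\Apps\Hwp.exe", r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c "C:\Users\a\AppData\Local\Temp\peice.bat"'),
    ("PC-01", "2024-01-10T09:00:40", r"C:\Windows\System32\cmd.exe",
     r"C:\Tools\AnyDesk.exe", "AnyDesk.exe"),
    # Benign: installer script started from Explorer, not from a document.
    ("PC-02", "2024-01-10T09:05:00", r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c "C:\Users\b\AppData\Local\Temp\setup.bat"'),
    # Benign: AnyDesk started by a user with no preceding document-spawned script.
    ("PC-03", "2024-01-10T09:10:00", r"C:\Windows\explorer.exe",
     r"C:\Tools\AnyDesk.exe", "AnyDesk.exe"),
]]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_doc_spawned_temp_script(ev):
    """True when a document viewer launches a .bat/.cmd file from a Temp folder."""
    cmd = ev["cmdline"].lower()
    return (basename(ev["parent"]) in DOC_APPS
            and "\\temp\\" in cmd
            and re.search(r"\.(bat|cmd)\b", cmd) is not None)

def detect(events):
    """Return (host, rule, time) alerts, correlating the two stages per host."""
    alerts, last_script = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if is_doc_spawned_temp_script(ev):
            last_script[ev["host"]] = when
            alerts.append((ev["host"], "script-from-document", ev["time"]))
        elif "anydesk" in basename(ev["image"]):
            seen = last_script.get(ev["host"])
            if seen is not None and when - seen <= WINDOW:
                alerts.append((ev["host"], "remote-tool-after-script", ev["time"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Matching on the image name alone misses a renamed AnyDesk binary, so the first rule (a script started by the document viewer) is the more robust of the two signals.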
The Kimsuky group has been continuously launching attacks, impersonating others to target specific individuals. Recently, there has been a growing trend of threat actors exploiting legitimate software in their attacks or using shared storage such as Google and Dropbox.
If you receive suspicious email messages, or even just messages you are unsure about, contact CERT-UT.