Kraken is a new phishing malware that’s on the loose, taking on the form of genuine workers’ compensation benefits information…
At a time of economic uncertainty and higher unemployment, it should come as no surprise that some bad actors would take advantage and attempt to exploit the circumstances. The latest scam entails workers’ compensation benefits — at least that’s what victims think. They are tricked by a slick campaign which appears legitimate, until its real purpose is revealed.
New Kraken Phishing Malware Disguised as Legitimate Workers’ Compensation Benefits
Kraken is a new fileless attack technique, according to Malwarebytes. The scheme begins with a genuine looking email containing the subject line, “Your Right to Compensation.” Obviously, recipients would be under the impression the message contains valuable information about benefits. To make it even more convincing, it also contains a lure phishing document named “Compensation manual.doc,” that’s packaged as a zip file.
Recipients are told the document is securely encrypted. (It even requests recipients enable editing access.) However, if granted access, the victim is immediately taken to a website. That website then injects a malicious macro into the Windows Error Reporting system or WER. This allows it to hide out-of-sight and run without alerting the victim. Of course, being a phishing scam, it ultimately attempts to steal personal information.
Needless to say, anyone receiving unsolicited workers’ compensation email shouldn’t open the messages. Also, don’t open, grant editing access, or download files from unknown senders.