A nervous population is falling victim to a new strain of malicious software in the form of false emails from the World Health Organization. Using subject lines such as “Ebola Survival Guide” and “Health Alert: Ebola Is Spreading,” hackers are sending out emails that, when opened, essentially take control of a recipient's computer without his/her knowledge.
The WHO is just one of the agencies being imitated. Email users might log in to their inbox to find an email from the Mexican government instructing them to download a health advisory that's actually a dangerous form of malware. The fear-mongering malware was first discovered by the credit card security firm Trustwave, the same company that was sued (in litigation that was later dropped) earlier this year for allegedly failing to secure the credit card data compromised from Target in a wide-ranging breach.
The WHO emails, according to the Verge, come not with tips on how to avoid contracting Ebola (which has killed thousands of people in West Africa, though a handful of people have been infected in the U.S.) but a DarkComet Remote Access Trojan (RAT). Upon installation, RAT software is capable of hiding from antivirus software and may take control of a user's files, webcam, passwords and other sensitive information.
Other subject lines include “What you need to know about the deadly Ebola virus,” “Ebola virus outbreak: Curing Breakthrough Revealed?” “Ebola Outbreak Now WORSE Than We're Being Told” and others that similarly attempt to take advantage of users' fears.
Similar tactics have been used in past incidents, the attention on the mysteries of both Malaysia Airlines flights being the most recent examples. These Ebola scammers are following in the footsteps of other hackers who have also used the virus for their own gain, with similar security reports warning in August that “health advisories” from the United Arab Emirates came with similar malware attached.