A new malware has been detected by security researchers that is suspected of conducting espionage. Hackers infect devices by impersonating government agencies, usually tax agencies such as the Internal Revenue Service (IRS). Once the malicious software is on a PC, it can gather intelligence (collecting personal data, passwords and more), download additional malicious software and upload data to the hacker’s server. It does all this while using Google Sheets to avoid suspicion and store data.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

It all starts with a fake email

The hackers behind the malware, called “Voldemort,” have cleverly designed it to avoid getting caught. Just like the name Voldemort spelled trouble in J.K. Rowling’s Harry Potter series, it’s causing issues in the cybersecurity world, too.

The cyberattack kicks off when you receive an email that looks like it’s from a government tax agency. According to Proofpoint, the hackers behind this campaign have been impersonating tax agencies in various countries, including the U.S. (IRS), the U.K. (HM Revenue & Customs), France (Direction Générale des Finances Publiques), Germany (Bundeszentralamt für Steuern), Italy (Agenzia delle Entrate) and, as of Aug. 19, India (Income Tax Department) and Japan (National Tax Agency). Each email lure was customized and written in the language of the tax authority being impersonated.

Proofpoint analysts found that the hackers tailored their phishing emails to match the target’s country of residence based on publicly available information rather than the organization’s location or the language suggested by the email address. For example, some targets in a European organization received emails impersonating the IRS because they were linked to the U.S. in public records. In some cases, the hackers mixed up the country of residence when the target shared a name with a more prominent individual.

The email also tries to mimic the email of the government agency. For example, the U.S. folks were sent fake emails using “no_reply_irs[.]gov@amecaindustrial[.]com.”

Email that tries to mimic the email of a government agency (Proofpoint) (Kurt “CyberGuy” Knutsson)

The attack cleverly unfolds on your device

In the fake email, hackers impersonating the government warn you about changes in the tax rates and tax systems and ask you to click a link to read a detailed guide. Clicking on the link brings you to a landing page, which uses Google AMP Cache URLs to redirect you to a page with a “Click to view document” button.

After you click the button, the hackers check if you’re using a Windows device. If you are, you’ll be redirected to another page. When you interact with that page, it triggers a download that looks like a PDF file in your PC’s download folder, but it’s actually an LNK or ZIP file hosted on an external server.

When you open the file, it runs a Python script from another server without actually downloading the script to your computer. This script collects system information to profile you, while a fake PDF opens to hide the malicious activity.

Download that looks like PDF file in your PC’s download folder (Proofpoint) (Kurt “CyberGuy” Knutsson)

Voldemort uses Google Sheets to store data

Once the malware has successfully infected your Windows device, it can:

• Ping: Check if it’s still connected to its control server
• Dir: Get a list of files and folders on your system
• Download: Send files from your system to the control server
• Upload: Put files from the control server onto your system
• Exec: Run specific commands or programs on your system
• Copy: Copy files or folders on your system
• Move: Move files or folders around on your system
• Sleep: Pause its activity for a set time
• Exit: Stop running on your system

The malware uses Google Sheets as its command center, where it gets new instructions and stores stolen data. Each infected device sends its data to specific cells in the Google Sheet, marked by unique IDs to keep everything organized.

Voldemort interacts with Google Sheets through Google’s API, using an embedded client ID, secret and refresh token stored in its encrypted settings. This method gives the malware a reliable way to communicate without raising suspicion since Google Sheets is widely used in businesses, making it hard for security tools to block it.

HOW TO RECOGNIZE AND AVOID BEING A VICTIM OF VACATION RENTAL SCAMS

4 ways to protect yourself from malware attacks

Hackers are releasing increasingly sophisticated malware, but that doesn’t mean you’re defenseless. Below are some tips to help protect yourself from such attacks.

1) Read sensitive emails carefully: The best way to spot fake emails that deliver malware is to check them carefully. While hackers may be tech-savvy, their language skills often aren’t perfect. For example, in the screenshots above, you can see typos like “Taxplayers” instead of “Taxpayers.” Government agencies don’t usually make these kinds of mistakes.

2) Check email domain: Verify that the email domain matches the organization it claims to represent. For example, an email from the IRS should come from an address ending in “@irs.gov.” Be cautious of slight misspellings or variations in the domain.

3) Invest in data removal services: Hackers target you based on your publicly available information. That could be anything from your leaked info through a data breach to the information you provided to an e-commerce shop. Check out my top picks for data removal services here.

4) Have strong antivirus software: If you have strong antivirus software installed on your device, it can protect you when you receive these types of scam emails or accidentally open the attachment or click a link. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

Kurt’s key takeaway

While researchers can’t say for sure, many of the techniques used by the malware are similar to those employed by hackers suspected of espionage. Even if this assessment turns out to be incorrect, the scale and sophistication of the attack are concerning. Anyone without technical knowledge could easily fall victim and lose personal data and money. This attack specifically targets Windows users, which also raises questions about Microsoft’s security framework.

What measures do you think organizations should implement to better protect individuals from malware attacks? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Safety regulators are urging the US Consumer Product Safety Commission (CPSC) to investigate the ultracheap e-commerce platforms Shein and Temu. In a statement published Tuesday, two CPSC commissioners say Shein and Temu “raise specific concerns,” including reports that “deadly baby and toddler products are easy to find on these platforms.”

The statement cites last month’s report from The Information, which highlights some of the dangerous products sold on both sites. That includes padded crib bumpers on Temu that have been banned in the US, as well as children’s drawstring hoodies on Shein that the CPSC considers a strangulation hazard.

CPSC commissioners Peter Feldman and Douglas Dziak say the safety agency should evaluate how Shein, which is headquartered in Singapore, and the China-based Temu comply with the Consumer Product Safety Act. The probe would determine how far these platforms fall outside the CPSC’s reach, as well as look into the Chinese manufacturers that make the majority of goods on Shein and Temu.

“Third-party sellers, domestic and foreign, are proliferating on online platforms,” the commissioners write. “This form of commerce can benefit consumers and sellers in many ways, but CPSC must make clear its expectations regarding these platforms’ responsibilities to ensure safety.” The Verge reached out to Shein and Temu with requests for comment but didn’t immediately hear back.

Welcome to Fox News’ Artificial Intelligence newsletter with the latest AI technology advancements.

IN TODAY’S NEWSLETTER:

– Holy See urges ‘moratorium’ on development of autonomous killing weapons at United Nations

– Online graphic design platform hit with backlash over ‘insane’ price hikes that reach 300%

– Autonomous car bombs, online recruitment: Experts worry how AI can transform terrorism

‘PROPER HUMAN CONTROL’: A delegation representing the Holy See urged the United Nations this week to put a moratorium on autonomous weapons designed to kill without human decision-making.

‘INSANE’: Canva is facing pushback from customers over plans to increase subscription prices by more than 300% in some instances.

United Nations Headquarters in New York City is seen flanked by Hamas and Hezbollah fighters. (Getty Images)

TIME TO ACT: Experts worry that terrorists will find novel and problematic uses for artificial intelligence, including new methods of delivering explosives and improving their online recruitment initiatives. 

ROBOT INSPECTOR: Developed by Beca, a leading engineering firm in New Zealand, PIPE-i is a robotic survey vehicle that boldly ventures into hazardous and confined spaces like culverts and tunnels. 

PIPE-i inspection robot  (Beca)

Subscribe now to get the Fox News Artificial Intelligence Newsletter in your inbox.

FOLLOW FOX NEWS ON SOCIAL MEDIA

Facebook
Instagram
YouTube
Twitter
LinkedIn

SIGN UP FOR OUR OTHER NEWSLETTERS

Fox News First
Fox News Opinion
Fox News Lifestyle
Fox News Health

DOWNLOAD OUR APPS

Fox News
Fox Business
Fox Weather
Fox Sports
Tubi

WATCH FOX NEWS ONLINE

Fox News Go

STREAM FOX NATION

Fox Nation

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future with Fox News here.