A highly successful email spam campaign is infecting computers with ransomware and other malware like cryptocurrency miners and botnet software that can send spam messages from your accounts without you noticing.
Phishing attempts are normally easy to catch, but this one duped enough users into opening spam messages and downloading malicious Zip files that it was the second-most reported malware in June 2020, according to the Check Point cybersecurity firm (via ZDNet).
So, what’s the campaign’s wildly successful trick? Sending emails with a winky face as the subject line. Seriously.
The campaign is powered by the notorious “Phorpiex” botnet. Botnets are large clusters of computers that have been infected with bot malware and used by hackers to send malware through email and other messaging apps en masse. A computer can be part of a botnet without the user’s knowledge and doesn’t have to be infected with the same malware it’s spreading to other machines. There’s also no central “host” computer, so as long as at least one device is infected with the bot malware and being exploited, the botnet still technically exists.
So, if you suddenly receive an email with a winking emoji and enticingly named zip file, don’t open it. Whatever you think the zip file might contain, it’s probably just malware and downloading it is a major risk to your security and privacy. If it was sent by someone you know, contact them another way (don’t reply to the email) and give them a head’s up that their computer may have been compromised.
We also have tips for spotting and blocking phishing emails and fake websites, and guides on preventing and responding to potential ransomware or malware attacks — like using competent antivirus/antimalware software and blocking malware-laced ads and shady web trackers — which can help keep you and your data safe.