Pope sued over sexual abuse and not wearing seatbelt? Fake CNN and BBC news alerts spread malware

Don’t believe everything you read – because if you do, cybercriminals are going to take advantage of your gullibility and infect your computer with a Trojan horse.

Malware campaigns spammed out in the last 24 hours have pretended to be breaking news stories from the likes of CNN and the BBC.

Here are some examples, claiming to be a breaking news alert from CNN, which have focused on arresting news stories around the new Pope.

Some of the messages are quite farcical:

Sign up to our free newsletter.
Security news, advice, and tips.

Fake CNN message

Subject: Opinion: New Pope Sued For Not Wearing Seat Belt In Popemobile ... - CNN.com

While others are clearly much more serious:

Another fake CNN message

Subject: Opinion: New Pope, Vatican officials sued over alleged sexual abuse! ... - CNN.com

Either way, you can probably understand why some computer users might be tempted to click on the links without thinking.

Meanwhile, more recent version of the malware attack have been spammed out pretending to be from the BBC:

  • BBC-Email: Bank of America happy of Cyprus Central Bank Warns of Capital Flight
  • BBC-Email: Cyprus 'Bank Raid' by Euro Banks
  • BBC-Email: Cyprus already confirmed one time tax withdrawal TODAY!
  • BBC-Email: Cyprus Bank-Levy Passage in Doubt as EU Shows Aggression
  • BBC-Email: Cyprus banks shut extended to Monday
  • BBC-Email: Cyprus can amend bailout terms
  • BBC-Email: Cyprus decided to rise bank tax up to 15% for Corporate sector
  • BBC-Email: Cyprus effect on stocks likely long-term
  • BBC-Email: Cyprus government today accepted one time bank tax withdrawal but higher than expected
  • BBC-Email: Cyprus races to rework savings tax after closing banks till Thursday
  • BBC-Email: Cyprus rises tax value and confirmed one time withdrawal!
  • BBC-Email: EU wants rise of Cyprus bank levy
  • BBC-Email: Several countries' deposits may be excluded from Cyprus Bank Tax, Why? We got a draft.
  • BBC-Email: The Cyprus eurozone bailout conditions are bank robbery, 15%!!!
  • BBC-Email: US banks hurt by Cyprus news
  • BBC-Email: USA government decided to follow Cyprus and rise deposit taxes!!!

Clicking on the links of any of these emails, ultimately takes unsuspecting internet users to webpages containing obfuscated code that attempt to infect computers using the Blackhole exploit kit.


Sophos products detect the PDF Blackhole component used in this attack as Troj/PDFJS-ADE and Troj/PDFEx-GD. Meanwhile, the attack can also attempt to infect PCs using a Flash Blackhole component – detected by Sophos products as Troj/SwfExp-BN.

Of course, this is far from the first time that we have seen cybercriminals pretending to be the likes of CNN or the BBC in an attempt to get recipients to open an email and click on a link.

Notorious examples include the fake CNN emails that claimed to contain a link to the Erin Andrews Peephole video or news that Mitt Romney had almost won the White House.

As always, keep your wits about you, and your security patches and anti-virus software up-to-date.

Thanks to Brett Cove, Peter Szabo, Savio Lau and Fraser Howard of SophosLabs for their assistance with this article.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.