Ill-conceived Donald Trump sex video malware attack attempts to install RAT on Windows PCs

Graham Cluley
@gcluley

Ill-conceived Trump sex video malware attack attempts to install RAT on Windows PCs

After all these years you probably don’t need me to tell you to be wary of clicking on email attachments which seem too good to be true.

Malicious hackers have also disguised their attacks as breaking news, sexy pictures, or even (infamously) love letters in order to trick unsuspecting users into clicking before thinking.

Security researchers at Trustwave have revealed the latest attempt by cybercriminals to infect Windows computers using this tried-and-trusted technique, although it feels somewhat ill-conceived.

Sign up to our newsletter
Security news, advice, and tips.

According to Trustwave senior security researcher Diana Lopera, emails have been spammed out with the subject line “GOOD LOAN OFFER!!”, and the following message in the text:

Greeting,

We are interested in partnering and investing in your that dream project or business plan, also we can grant you a loan with a good return of investment on a long and short period of time. We can invest or loan from the rage of 500,000USD to over 100Million USD.

If you are interested in order offer kindly contact immediately to book for an appointment with one of our agent.

Thank you.
Regards.
Jonathan Clement.

Let’s be honest – it’s hard to imagine that anyone would believe an unsolicited message like that was genuine, even if you ignored the spelling and grammatical errors. Normally, I would say that this was a scam that was unlikely to dupe most people.

What makes it unusual, however, is that there is a file attached, called TRUMP_SEX_SCANDAL_VIDEO.jar.

Yup, it’s filename purports to be a some sort of sex scandal video involving the outgoing President of the United States.

Clicking on the file could initiate a process which downloads the Qnode Remote Access Trojan (RAT) onto your Windows PC, granting a hacker remote access to your computer and all of your files.

So, if you do find yourself tempted despite every bone in your body telling you that you shouldn’t click (heck – even if it was a Donald Trump sex video you surely wouldn’t really want to see that, would you?) make sure not to initiate the RAT installation process by clicking on “Ok, I know what I’m doing”

You don’t know what you’re doing. More than that, I don’t know what you’re thinking

Quite why the cybercriminals are distributing a file claiming to be a Donald Trump sex scandal video with an email claiming to offer investment in a business plan is anyone’s guess. My best hunch would be complete incompetence.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.