Information Stealers Are Evolving

Scams

November 23, 2023

Multiple phishing campaigns have recently been observed attempting to deliver infostealers to New Jersey State employees in order to steal credentials and exfiltrate data. There’s been a clear uptick in hackers attempting to compromise government entities, as shown in the image above.

What is an infostealer?

Infostealers are information-stealing malware installed on computers and phones and designed to locate data and exfiltrate it to the hackers. Threat actors primarily target account credentials for online financial accounts, social media websites, email, or file transfer protocol (FTP) accounts.

Infostealers are typically delivered through phishing emails that link to malicious websites or carry attached Word, Excel, ISO, or ZIP files. In the above campaign, threat actors attempted to deliver malware purporting to be an unpaid invoice through Drake Software, which is a legitimate professional tax software company. The sender’s display name claims to be from “Support” at Drake Software; however, upon further inspection, the sender’s email address references Drake Software in the username but not in the domain name.
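The sender check described above can be automated at the mail gateway or during triage. The following is an added example, not part of the original article: it flags a From header whose display name or username references a brand while the domain is not one of that brand's sending domains. The brand-to-domain mapping and every address in it are constructed placeholders.

```python
from email.utils import parseaddr
import re

# Assumption: brand keyword -> domains the organisation really sends from.
# The domain below is a constructed placeholder, not taken from the article.
BRAND_DOMAINS = {"drakesoftware": {"drakesoftware.example"}}

def _norm(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def brand_mismatch(from_header, brand_domains=BRAND_DOMAINS):
    """Return the reasons a From header looks like brand impersonation."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    findings = []
    for brand, legit in brand_domains.items():
        # Accept the legitimate domain itself and any of its subdomains.
        if any(domain == d or domain.endswith("." + d) for d in legit):
            continue
        if brand in _norm(display):
            findings.append(f"display name references {brand}, domain is {domain}")
        if brand in _norm(local):
            findings.append(f"username references {brand}, domain is {domain}")
    return findings

# Constructed sample headers (not from the campaign described above).
SAMPLES = [
    '"Drake Software Support" <drakesoftware.billing@mail-invoices.example>',
    '"Support" <drake-software@mail-invoices.example>',
    '"Drake Software Support" <support@drakesoftware.example>',
    '"Payroll" <payroll@agency.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", brand_mismatch(header) or "ok")
```

A match is a reason to quarantine or review the message rather than proof of malice, since some legitimate senders use third-party mailing services.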

The phishing emails contain a PDF attachment with a link that, if clicked, initiates multiple scripts to download and execute the malware. Infostealers are highly attractive to threat actors due to the high return on investment and the ability to remain virtually undetected. The aftermath of an infostealer infection includes violated privacy, data leaks, stolen funds from accounts, and impersonation.

Let’s all remain vigilant against these and similar scams. Please refrain from answering unsolicited or unexpected communications. Additionally, do not provide personal or financial information or transfer money, especially in cryptocurrency, to unverified entities.