A wave of phishing emails disguised as bailiff notices has hit Russians


A powerful new wave of phishing using the DarkWatchman remote access Trojan (RAT) has hit Russian companies and citizens. This was reported to Izvestia by the Solar 4RAYS Cyber Threat Research Center of the Solar Group of Companies.
Malicious emails disguised as official notifications from the Moscow Interdistrict Bailiff Department for the enforcement of tax rulings were received by several dozen organizations from different regions.
Another spike in phishing was recorded at the end of February using a network of sensors and honeypots: the number of requests to the DarkWatchman command-and-control server increased almost fivefold.
All emails were sent from a fake email address. Each message contained an archive named 'Writ of Execution No.27186421-25 from <date>.zip'. Inside the archive was a malicious executable file which, when launched, installed DarkWatchman RAT on the victim's host.
The Trojan's main function is keylogging: it covertly captures every keystroke on the victim's keyboard, allowing attackers to gain access to passwords, bank data and other sensitive information. DarkWatchman also has backdoor capabilities that allow cybercriminals to remotely manage infected systems, upload new files, and execute various commands.
Read more in the exclusive Izvestia article:
At Trojan horse: cybercriminals disguise themselves as bailiffs