
Malspam Uses Boeing 737 Max Crash to Spread Malware

A malspam campaign is using the recent Boeing 737 Max 8 crash in Ethiopia to spread the H-Worm remote access tool and the Adwind information stealer. The phishing emails carry a JAR attachment and are crafted to look like leaked information about airlines that will be affected by similar crashes. Opening the JAR file installs the malware, which can be used to steal login credentials and to create a backdoor for future access, for example to download additional tools for lateral movement. As the campaign may target airline companies that own the Boeing 737 Max, organisations should remind employees not to open any attachments or click on any links in unsolicited emails to avoid potential infections.
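Since the lure arrives as a JAR attachment, a mail-side check can back up the user reminder. The following is an added example, not part of the original advisory: it flags attachments that are JARs by name or by content, and the content check for renamed archives goes beyond what the advisory describes. The function names, file names and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def is_jar_payload(data: bytes) -> bool:
    """True if the bytes parse as a ZIP archive that holds a JAR manifest."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "META-INF/MANIFEST.MF" in zf.namelist()
    except (zipfile.BadZipFile, OSError, ValueError):
        return False


def find_jar_attachments(raw_message: bytes) -> list:
    """Return (filename, flagged_by_name, flagged_by_content) per JAR part."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        by_name = name.lower().endswith(".jar")
        by_content = is_jar_payload(data)  # catches a renamed JAR
        if by_name or by_content:
            hits.append((name, by_name, by_content))
    return hits


def build_sample() -> bytes:
    """Constructed test message: harmless archives, hypothetical file names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    for fname, body in (("airlines.jar", buf.getvalue()),
                        ("airlines.pdf", buf.getvalue()),
                        ("notes.txt", b"plain notes")):
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in find_jar_attachments(build_sample()):
        print(hit)
```

A gateway or triage script would pass each raw message to `find_jar_attachments` and quarantine or tag any message that returns a hit.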


Ensign InfoSecurity Singapore