Pfizer, a prestigious pharmaceutical company that invented one of the few COVID-19 vaccines, is being impersonated by threat actors to steal sensitive information.
The highly targeted phishing campaign uses Pfizer's name and asks targets to submit quotations for a deal. The emails carry a PDF attachment that contains no malware or external links, only details of the deal. The scammers' main aim is not yet known.
Phishing Campaign Based on Pfizer
COVID-19 has shaken the entire world for nearly two years. While people now fear the rise of new variants, there is another, indirect reason to worry: cyberattacks.
We've seen hackers exploit public fear of COVID-19, and more recently Omicron, to conduct phishing attacks and steal money and data from victims. Now there is one such campaign based on Pfizer, a prominent pharmaceutical company that invented one of the COVID-19 vaccines.
Because the name is so well known, threat actors are using it against unsuspecting people to steal sensitive data from them. As observed by INKY researchers, a phishing campaign based on Pfizer's name is in the wild, with a PDF attachment detailing deal prospects.
The threat actors buy domain names similar to Pfizer's, mostly from Namecheap, since it accepts cryptocurrency as a payment method. After buying the impersonating domains, they create email addresses on them and start sending phishing emails to highly specific targets.
While the PDF attachments don't contain any malicious links or malware payloads, the threat actors ask the target to respond with a bid and their contact details and, in some cases, financial details too.
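Since the attachments carry no links or malware, the impersonating sender domain is a signal a mail filter can still check. The following is an added example, not code from INKY or from the original article: it compares sender domains against an assumed allowlist of genuine brand domains, and all sample addresses are constructed under the reserved `.example` TLD.

```python
# Added example: flag sender domains that imitate a protected brand domain.
BRAND_DOMAINS = {"pfizer.com"}  # assumed allowlist of domains the brand really owns
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(address):
    """Domain part of 'user@host' or 'Name <user@host>', lower-cased."""
    return address.rsplit("@", 1)[-1].strip(" >").rstrip(".").lower()

def classify_sender(address):
    """Return 'legit', 'lookalike' or 'unrelated' for a sender address."""
    domain = sender_domain(address)
    # Exact match or a true subdomain of an owned domain is legitimate.
    if any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS):
        return "legit"
    for brand in (d.split(".")[0] for d in BRAND_DOMAINS):
        for label in domain.split(".")[:-1]:  # every label except the TLD
            # Check the label with hyphens removed and each hyphen-separated part.
            for token in [label.replace("-", "")] + label.split("-"):
                norm = token.translate(HOMOGLYPHS)  # undo digit-for-letter swaps
                if brand in norm or edit_distance(norm, brand) <= 1:
                    return "lookalike"
    return "unrelated"

# Constructed sample senders, not taken from the campaign.
SAMPLES = [
    "buyer@pfizer.com",
    "rfq@mail.pfizer.com",
    "Pfizer Procurement <rfq@pfizer-supply.example>",
    "bids@pf1zer.example",
    "quotes@pfizzer.example",
    "tender@pfizer.com.bids.example",
    "info@contoso.example",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify_sender(s):10} {s}")
```

A production filter would resolve the registrable domain with the Public Suffix List and cover Unicode confusables, which this example leaves out.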
While the specific aim of the threat actors isn't known as of now, stolen business information can also be lucrative for conducting BEC attacks later. And by not asking for very sensitive information the first time, they lead the targets to trust them and keep responding to future emails.
Once they have gotten close, the threat actors may eventually ask the target to make a payment to a specific account (controlled by hackers) or run/install specific software (malware) for further exploitation.