Security researchers at Trustwave uncovered the malware after finding that criminals had apparently crafted bogus WHO emails encouraging people to open a .RAR attachment to find out how they can protect themselves against Ebola.
Trustwave said that once the attachment has been clicked on, it downloads malware onto the victim’s machine.
The emails have been sent to a few hundred organisations by criminals who hope to gather information which they can later sell.
“Upon closer inspection, the RAR compressed file attachment is not a document file but an executable file of a DarkComet Remote Access Trojan,” explained Trustwave.
“This Trojan makes use of its heavily obfuscated AutoIt-based script to run undetected by antivirus software.
“When run, it creates a randomly named folder in the Windows Application Data folder and drops all of its component files into that folder.”
Trustwave has seen only one version of the email, suggesting a low-volume campaign.
“It isn’t surprising to find cyber criminals continuing to piggyback on newsworthy and major events, disasters and outbreaks in order to lure potential victims and spread their malware,” said the security firm.
Last week, the US Computer Emergency Readiness Team posted an advisory about protecting against scams and spam campaigns using Ebola as a social engineering theme.
The organisation once again advised people not to follow unsolicited web links or click on attachments in emails.