RBA “Hacker Rush Against Customers”; Macro Malware Email

Outline:
Email purporting to be from the Reserve Bank of Australia (RBA) warns that there has been a “hacker rush against customers of different banks”. It recommends that you click a link to read a set of security standards for online banking prepared by RBA analysts.




Brief Analysis:
The email is not from the RBA and the link does not open a set of security standards as claimed. Instead, the link opens a fake RBA website that tries to trick you into downloading a Microsoft Word document that contains a malicious macro. If you download the document and enable macros when prompted, the macro can then install malware on your computer.

Detailed Analysis:
According to this “online banking security” email, which  purports  to be from the Reserve Bank of Australia (RBA), there is currently a “hacker rush against customers of different banks”. It claims that the RBA’s analysts have made  a set of standards tied to the operation of online banking. It advises that, to guarantee the security of your funds, you should click a link to  read this set of security rules on the official RBA website. The email includes the RBA logo and was supposedly sent by the “RBA Information Technology Department”.

However, the email is not from the RBA and it is not a legitimate security advisory. And, clicking the link does not open a set of online banking security rules as claimed.  Instead, the email is a criminal ruse designed to trick you into infecting your computer with malware.

If you do click the link, you will be taken to a fraudulent website that has  been designed to look like the real RBA website. The page you arrive on claims that you can click to download “Recommendations for Online-Banking Operations” prepared by “a famous international cyber-safety specialist”.  In an apparent attempt to make their claims seem more plausible, the  criminals have included  the name and image of a high-profile  cyber-security expert. Of course, the  expert has no connection to this malware attack and his name  and image have been stolen from other websites:

If you click the “Download” button, a seemingly innocuous  Microsoft Word document will be downloaded to your computer. But, when you attempt to open the document, you will be prompted to enable macros, ostensibly to allow the contents to be  loaded securely. If you comply and enable macros, a malicious  macro will then download and install malware on your computer.

The exact kind of malware may vary. Macros are often used to install ransomware, which can lock up the files on your computer and then demand that you pay a fee to online criminals to receive a decryption key. Malicious macros are also used to install malware that can harvest data such as your banking login credentials from the infected computer.

Using macros can  increase efficiency in some workflows. But, unless you have a  specific need to use them and you understand the potential dangers that they pose, you are best to leave macros disabled by default. If you are unfamiliar with macros, you can read more about them in this earlier Hoax-Slayer report.

Keep in mind that the RBA will never send out unsolicited security advisory messages to banking customers.  If you receive this email, do not click any links or open any attachments that it contains.

Last updated: October 19, 2016
First published: October 19, 2016
By Brett M. Christensen
About Hoax-Slayer

References
Macro Virus Threat Returns – Beware Emails With Malicious Word Attachments
Malware Threat Articles

Original Source : https://www.hoax-slayer.net/rba-hacker-rush-against-customers-macro-malware-email/