PRISM phishing email carries remote access malware
Phishing email targets government agencies, multiple operating systems
On 5 July 2013, security vendor Symantec issued a warning about a new phishing campaign leveraging the global interest in reports about the US Government’s surveillance programs, such as PRISM.
Phishing campaigns commonly use notable events to try and lure you into opening the email, responding or clicking links.
The phishing email includes several attached files, one of which is malware known as jRAT. Remote Access Tools—or RATs—are also quite legitimate tools, commonly used to remotely access and fix computers. In this case, however, the RAT, once installed on your computer, can grant an attacker unauthorised remote access to your computer.
The malware is attached in the phishing email as a Java (.JAR) file. If clicked, it installs a Java applet (hence jRAT) which grants the attacker access to your computer—including any Windows, Mac and Linux operating systems with Java installed.
Symantec reports that the phishing campaign is targeting government workers in the US, Canada, Australia, some European countries and Russia.
Current examples of the phishing email include the subject line: “Obama’s Data Harvesting Program and PRISM”.
Image credit: Symantec
This malware requires Java to work on your computer. If you do not have Java installed or enabled, you will not be affected.
Security products from most vendors should also identify and remove this malware.
If you receive this email, simply delete it.
Avoid phishing emails
Always be suspicious of unsolicited emails.
Do not click links or open attachments unless you are confident about the sender and information the email contains. The best advice is to simply delete the email.
If you are uncertain about the origin of any email you can always cross check the information by going independently to the company or sources’ website or by calling them directly.
Read Stay Smart Online’s advice about avoiding phishing and advice about spam.
Symantec’s website provides more detail on this malware.
The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts, Advisories and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.