'Audit and Assurance' Email Virus

Cybercriminals use countless different tricks and techniques to propagate all types of online scams and malicious software. Phishing emails are one of the most popular propagation methods utilized by both low-tier conmen and highly skilled cybercriminals.

One of the latest phishing email campaigns has been dubbed ‘Audit and Assurance’ emailvirus. It is likely that the ‘Audit and Assurance’ email virus mainly targets businesses and organizations, but the con-artists may also opt to go after regular users. The phishing email is rather lengthy and appears to be sent by a genuine institution. The fraudulent message asks the targeted user to download and review the invoice attached to the email. However, if the user tries to open and view the attached file, they will trigger the execution of a malicious script, which will allow the payload of a threat called SDBbot to be deployed on the targeted host. The SDBbot threat is a RAT (Remote Access Trojan), which has been active for several years. In order to avoid detection, when the user opens the macro-laced attachment, they will launch a decoy document, which will keep them busy while the RAT is installed and executed in the background.

The SDBbot allows the operators of the ‘Audit and Assurance’ Email Virus campaign to carry out reconnaissance operations, collect keystrokes, and collect sensitive data and classified documents. If you are among the users who have been targeted by the ‘Audit and Assurance’ email virus, we would advise you to block the sender of this message and delete the email from your inbox. Also, make sure to scan your PC with a reputable, modern anti-virus solution.