A series of phishing emails impersonating the Reserve Bank of India (RBI) or other large banks such as Axis Bank was sent to small co-operative banks in April, Quick Heal Security Labs’ enterprise security arm Seqrite reported.
The phishing emails carried text files referring to a circular or guideline for “operational or business continuity measures during covid-19” and urged recipients to open attachments to get more detailed information.
Researchers at Seqrite found that the attachments in the phishing emails used document file extensions such as xlsx or pdf to appear harmless.
They actually carried a malicious JAR file, a remote admin trojan that can run on any Windows, Linux, or Mac system that has a Java runtime enabled.
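A mail-gateway style check for the disguise described above, as an added example that is not code from Seqrite or from the original article. The function names, finding labels, decoy-extension list and sample attachments are all constructed for illustration; because a genuine xlsx is also a ZIP archive, the check looks inside the archive for JAR markers instead of trusting the extension or the ZIP signature.

```python
import io
import zipfile

# Assumed decoy list: the article names xlsx and pdf; the others are added for illustration.
DECOY_EXTS = {"xlsx", "xls", "pdf", "doc", "docx"}

def looks_like_jar(data: bytes) -> bool:
    """True if data is a ZIP archive carrying JAR markers (manifest or .class files)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    # A real xlsx is a ZIP too, but it has no Java manifest and no compiled classes.
    return any(n.upper() == "META-INF/MANIFEST.MF" or n.lower().endswith(".class")
               for n in names)

def check_attachment(filename: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing suspicious."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner = parts[1:-1]  # extensions hidden before the final one, e.g. "pdf" in x.pdf.jar
    jar = looks_like_jar(data)
    if ext == "jar" and any(p in DECOY_EXTS for p in inner):
        findings.append("double-extension")
    if jar and ext != "jar":
        findings.append("jar-content-under-document-extension")
    if jar:
        findings.append("java-archive")
    return findings

def _zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: content} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: a minimal JAR, a minimal OOXML workbook, a minimal PDF.
SAMPLE_JAR = _zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n",
                   "Main.class": b"\xca\xfe\xba\xbe"})
SAMPLE_XLSX = _zip({"[Content_Types].xml": "<Types/>", "xl/workbook.xml": "<workbook/>"})
SAMPLE_PDF = b"%PDF-1.4\n%%EOF\n"

if __name__ == "__main__":
    for name, blob in [("circular.pdf.jar", SAMPLE_JAR), ("guidelines.xlsx", SAMPLE_JAR),
                       ("guidelines.xlsx", SAMPLE_XLSX), ("circular.pdf", SAMPLE_PDF)]:
        print(name, check_attachment(name, blob))
```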