HHS.gov Open Redirect Used by Coronavirus Phishing to Spread Malware
released on 2020-03-23 @ 07:53:22 PM
An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims' systems with the help of coronavirus-themed phishing emails.
The attackers use it to link to a malicious attachment containing a coronavirus.doc.lnk file which will unpack an obfuscated VBS script that will download and execute a Raccoon information stealer malware payload.