Skip to main content
  1. Home
  2. Computing
  3. News

Russian hackers are targeting U.S. emails with phishing malware

Add as a preferred source on Google

Hackers are targeting both U.S. and European email accounts with a new phishing malware, according to a study done by cybersecurity researchers at Palo Alto Networks’ Unit 42.  Named “Cannon,” the malware has been around since October, collecting screenshots and other information from the PCs of unsuspecting victims and sending it back to Russian operatives.

Leveraging a classic social engineering tactic, “Cannon” sends out phishing emails and involves tricking victims into opening messages about recent news events like the crash of an airliner in Indonesia. The emails also contain an attachment to an older formatted Microsoft Word document which requires the macro feature for the file to open successfully. Once the victim opens the file and enables macros, a code then executes and a trojan malware spreads and infects a computer whenever Word is closed.

Recommended Videos

Once the trojan malware is running, it will collect screenshots of the PC desktop in intervals of 10 seconds, and system information every 300 seconds. It then logs into a primary POP3 email account, a secondary POP3 email account, and attempts to get the download path for downloaded information. Finally, it moves all attachments to a specific path and creates a process that sends the email back to a hacker with all attachments.

“In late October and early November 2018, Unit 42 intercepted a series of weaponized documents that use a technique to load remote templates containing a malicious macro. These types of weaponized documents are not uncommon but are more difficult to identify as malicious by automated analysis systems due to their modular nature. Specific to this technique, if the C2 server is not available at the time of execution, the malicious code cannot be retrieved, rendering the delivery document largely benign,” explains the Unit 42 research unit.

“Cannon” appears to be linked to Sofacy, a hacking group which has previously distributed “Zebrocy” and other similar malware linked back to the Russian government. To protect against these types of phishing attacks, it is always best to avoid opening emails from suspicious email addresses. Even though Microsoft has taken steps to block malicious macros, it also is best to not to use the feature and avoid it entirely. You also should keep your antivirus up to date and make sure that you’re running the latest versions of Windows 10.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
This app gives your Mac a music player you’ll actually enjoy using
Apple Music on the Mac is a chore. Liqoria is the fix, and it plays nice with Spotify and YouTube too.
Liqoria music player

The Apple Music app on the Mac is not up to the mark. I don’t like how it looks or behaves, and Apple should take some inspiration from Spotify to make the app more modern and useful. Until that happens, we are stuck with a subpar app experience.

That’s why I never use the Apple Music app on my Mac and rely on third-party apps that let me control music. Today I am featuring one of the latest apps I discovered. It’s called Liqoria, and it’s probably the only music player app you will ever need.

Read more
Anthropic is giving away Claude Fable 5 at no extra cost for a limited time
You can try Claude Fable 5 for free - but don't wait too long
Electronics, Mobile Phone, Phone

Anthropic is making it a little easier for paying subscribers to try its newest AI model without spending extra money. The company has announced a limited-time promotion that gives users on eligible paid plans access to Claude Fable 5 at no additional cost until July 19, 2026. There's a catch, though: the model isn't completely unlimited, and once you hit a usage threshold, you'll either need to start paying or switch to another Claude model.

The promotion comes as competition in the AI assistant market continues to intensify. OpenAI, Google, Microsoft and Anthropic are all racing to get users onto their latest flagship models, often using free trials or promotional access to encourage adoption. Rather than offering unlimited access, Anthropic is betting that giving subscribers enough time to experience Fable 5's capabilities will convince many to continue using it after the promotion ends.

Read more
Scammers are now cloning trusted news websites to steal your money
Breaking news: That breaking news probably isn't breaking news
Scammers are turning trusted news brands into investment traps

Seeing a story on the website of a trusted news organisation is usually enough to lower your guard. Cybercriminals know that, and they're increasingly exploiting the credibility of major publishers to steal money from unsuspecting readers. The latest example involves fake Guardian articles featuring billionaire Jim Ratcliffe. Still, the scam is part of a much larger campaign that's also impersonating the BBC and other well-known media outlets.

According to The Guardian, fraudsters are creating convincing clones of legitimate news websites and filling them with fabricated stories designed to lure readers into bogus cryptocurrency and investment schemes. Instead of trying to hack victims directly, the scammers first convince them they're reading real journalism.

Read more