On Dec. 23rd, an eCard spoofing a Whitehouse.gov email address was sent to a few government employees and contractors. The spoofed eCard contained a piece of malware that was able to steal 2 gigabytes of sensitive PDF, Word and Excel documents from the targets.
According to Network World, security expert Brian Krebs was able to identify some of the government entities that fell victim to the spoofed eCard. Some of the victims included an intelligence analyst with the Massachusetts State Police, an employee at the National Science Foundation’s Office of Cyber Infrastructure and an employee of the Financial Action Task Force.
The eCard message stated: “As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we’re profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.”
But the nice message wasn’t all that was packed in there: when opened, the eCard also deployed a variant of the Zeus banking Trojan. The variant was designed to steal documents rather than usernames and passwords, as the original Zeus Trojan would.