A new malware known as Ascesso spreads to college graduates via a counterfeit student loan program social engineering trick.
Scammers Target Victims with a Student Loan Scenario
Computer criminals have raised their guns against college graduates. The latest scheme that they have employed in a recent attack uses social engineering to deliver the Ascesso malware. The attackers use counterfeit emails that promise student loans. The hackers have devised a fake “Forgiveness Program” message that is sent to unsuspecting college students.
The scam offers the victims carious counterfeit benefits. Some of the victims reported that they have even called and received a response from the spoofed telephone number listed. The users have stated that they have been told to purchase iTunes gift cards for hundreds of dollars as an “application fee”. Only after that they would receive further information about the false program.
The delivered Ascesso malware is part of the Tofsee family and is a modular Trojan. The first incidents with this type of malware have been reported in 2007. The capabilities of the malware give the attackers the ability to carry out distributed denial-of-service attacks (DDOS), install additional malware, mine BitCoin currency, steal private user data and others.
Security experts from Symantec who reported on this issue have spotted that there are several different variants of this malware family. Depending on the strain that infects the victim, the Trojan may also download and execute additional plugins to unleash even more damage. This makes Trojan attacks with the Ascesso malware dangerous as they can be modular in nature.
There are several spam email campaigns that are ongoing and it is very likely that new variants of the malware can be developed. We might even see new scenarios of social engineering coercion in effect, depending on the target victims.