Cybercriminals have started sending phishing emails to users en masse on behalf of Russian agencies. Malwarebytes, a company specializing in cybersecurity, told about the new deception scheme.
Since March 23, messages have been regularly sent to the e-mail of Russian users, allegedly on behalf of representatives of the Ministry of Finance and Roskomnadzor. The letters contain a warning about the illegality of using websites, social networks, messengers and VPN services banned in Russia to bypass their blocking. The message is accompanied by an RTF file with a list of prohibited resources.
Experts have found out that when opening a document on a smartphone, PC or any other user’s device, an HTML file is downloaded, which activates a script that allows fraudsters to gain remote access to device data.
The mailing of phishing emails is configured primarily to the addresses of electronic mailboxes with domains mail.ru , yandex.ru , mvd.ru , cap.ru and minobr-altai.ru .