A new spam email campaign has been detected in the wild. The scammer behind it claims to be a private intelligence analyst. The email discusses two recent crashes involving Boeing 737 Max aircraft, and the sender claims to have discovered a leaked document on the Dark Web that lists other airline companies that will be affected by such crashes in the future.
The two incidents mentioned in the spam email
In the “Airlines plane crash Boeing 737 MAX 8” spam email, the scammer tries to lure unsuspecting users by referring to two recent crashes involving Boeing 737 Max aircraft. In the first incident, Ethiopian Airlines Flight ET302 from Addis Ababa, Ethiopia, to Nairobi, Kenya, crashed just minutes after taking off from Addis Ababa International Airport on 10th of March. The second incident happened several months earlier, on 29 October 2018, when Lion Air Flight 610 crashed after taking off from Jakarta airport, killing 189 people.
Here is the full text of the spam email:
I believe you have heard about the latest crash Boeing 737 MAX 8 which happen on sunday 10 march 2019, All passengers and crew were killed in the accident
Ethiopian Airlines Flight ET302 from Addis Ababa, Ethiopia, to Nairobi, Kenya, crashed shortly after takeoff
The dead were of 35 different nationalities, including eight Americans.
On 29 October 2018, the Boeing 737 MAX 8 operating the route crashed into the Java Sea 12 minutes after takeoff.
All 189 passengers and crew were killed in the accident.
note: there was a leak information from Darkweb which listed all the airline companies that will go down soon.
kindly notify your love ones about the informations on these file.
private inteligent analyst”
The scammer, supposedly Joshua Berlinger, describes himself as a “private intelligence analyst”, misspelled in the spam email as “private inteligent analyst”. He claims to have a list of several other airline companies that will go down soon, and asks recipients to view that list by opening a JAR file named “MP4_142019.jar”.
Once the file is opened, malware named H-worm RAT is installed on the device, as explained by security researcher Lawrence Abrams:
If a user attempts to open the JAR file, it will be executed by JAVA on the computer. This attachment was originally thought to only install the Houdini H-worm Remote Access Trojan, but security researcher Racco42 felt that it was too large to just be that single malware.
Malicious H-worm RAT creates privacy risk and system vulnerabilities
The H-Worm RAT is a VBS (Visual Basic Script) worm with RAT capabilities, which allows its developers to monitor the PC's behavior from their remote server. The developers can easily steal personal details and other sensitive information from infected computers.
If you have received any email with the subject “Airlines plane crash Boeing 737 MAX 8”, you should stay away from it. It is just a scam designed to spread malware.