Security researchers discovered that a new malware campaign dubbed “Voldemort” has been targeting organizations around the world.
The malware, named after the infamous villain from the Harry Potter series, impersonates tax agencies in Europe, the United States, and Asia.
It's campaign has already sent more than 20,000 emails to over 70 organizations, with some days seeing as many as 6,000 emails sent in a single day.
These emails claim to provide updated tax information and trick recipients into clicking on malicious links.
Once clicked, the link takes the victim to a fake landing page that prompts them to download a document.
However, instead of receiving a legitimate document, the victim unknowingly downloads malicious software that can infiltrate their computer.
The malware is sophisticated, using a backdoor written in the C programming language.
It has the ability to perform various harmful actions, such as exfiltrating data, installing additional malicious software, and deleting files.
What makes Voldemort particularly dangerous is its use of Google Sheets as a command and control (C2) server.
This allows the malware to execute new commands on infected devices and store stolen data.
Voldemort malware targets specific sectors, including insurance, aerospace, transportation, and education.
The attackers seem to be interested in gathering intelligence rather than just financial gain, raising suspicions that a state-sponsored group could be behind this campaign.
While it is not yet confirmed who is behind the Voldemort malware, some experts suspect it could be linked to Chinese cyber-espionage groups.
Last year, the advanced persistent threat (APT) group known as APT41, which is associated with Chinese hackers, was found using Google Sheets as a C2 server.
The similarities between the tactics used by APT41 and Voldemort suggest a possible connection.