https://www.proofpoint.com/us/blog/threat-insight/threat-actor-abuses-cloudflare-tunnels-deliver-rats

Cybersecurity researchers are warning of a new wave of malware attacks targeting law firms, financial institutions, and other businesses. The attacks leverage a legitimate service, TryCloudflare, to distribute malicious files and evade detection.

The attacks involve emails with tax-themed lures that contain URLs or attachments leading to malicious LNK files. These files, when opened, trigger scripts that ultimately download and install remote access trojans (RATs) on the victim’s computer.

Researchers at Proofpoint first detected this activity in February and have observed a significant increase in the number of malicious emails sent since then. The latest wave, which began on July 11th, has distributed over 1,500 emails, compared to fewer than 50 in a previous wave in May.

The attackers abuse TryCloudflare, a free service offered by Cloudflare, to host their malicious LNK files. This makes the attacks appear more legitimate, as Cloudflare is a trusted company. Additionally, the temporary nature of the TryCloudflare tunnels makes it difficult for defenders to block them.
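Because each tunnel hostname is temporary, a check keyed on the shared parent domain holds up better than a list of individual tunnels. The following is an added example, not code from Proofpoint or the original page: it scans constructed proxy log lines for hosts under `trycloudflare.com` and raises the severity when the requested path ends in `.lnk`. The log layout, function names and sample hostnames are assumptions.

```python
from urllib.parse import urlsplit

# Parent domain under which TryCloudflare tunnels receive their subdomains.
TUNNEL_SUFFIX = ".trycloudflare.com"

# Constructed sample proxy log (timestamp, client IP, method, URL); not real traffic.
SAMPLE_LOG = """\
2024-07-11T09:14:02Z 10.0.4.17 GET https://example-random-words.trycloudflare.com/tax/2023_return.lnk
2024-07-11T09:15:40Z 10.0.4.17 GET https://www.cloudflare.com/products/tunnel/
2024-07-11T09:16:05Z 10.0.7.3 GET https://another-sample-host.trycloudflare.com/index.html
2024-07-11T09:17:11Z 10.0.7.9 GET https://trycloudflare.com.lookalike.example/doc.lnk
"""


def classify(url):
    """Return 'high', 'review' or None for a single requested URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Match on the label boundary so lookalike hosts that merely
    # contain the string are not flagged.
    if not host.endswith(TUNNEL_SUFFIX):
        return None
    # A shortcut file fetched from a tunnel matches the delivery chain
    # described above; any other tunnel traffic is queued for review.
    if parts.path.lower().endswith(".lnk"):
        return "high"
    return "review"


def scan(log_text):
    """Return (severity, client, host) for every tunnel request in the log."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed layout
        _ts, client, _method, url = fields
        severity = classify(url)
        if severity:
            findings.append((severity, client, urlsplit(url).hostname))
    return findings


if __name__ == "__main__":
    for severity, client, host in scan(SAMPLE_LOG):
        print(f"{severity:6} {client:10} {host}")
```

Organisations with no business use for tunnels can turn the `review` tier into an outright block at the proxy or DNS resolver.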

Experts warn that the ease of use and free nature of TryCloudflare make it an attractive option for cybercriminals. They urge businesses to be cautious of any unsolicited emails, even those that appear to be related to taxes.