【お知らせ】日本ジャーナリスト会議(JCJ)2025年度定期総会開催。3月29日(土)13時からオンラインで開催=JCJ事務局<br />

日本ジャーナリストクラブ(JCJ)
3 months ago
 日本ジャーナリスト会議(JCJ)はJCJ規約に基ずき、2025年度定期総会(オンライン開催)を開く。本部・各支部・部会等活動報告と2025年度方針の後、JCJ創立70周年、戦後80年の取り組み、会員拡大、JCJ賞、機関紙など意見交換を予定。会員はどなたでも参加し、発言することができます。。多くの参加を呼びかけます。日本ジャーナリスト会議事務局長 古川 英一●開催要項 参加対象者:日本ジャーナリスト会議(JCJ)会員 主   催:日本ジャーナリスト会議運営委員会 総会議案書..
JCJ

Simple Phish Bait: EFF Is Not Investigating Your Albion Online Forum Account

EFF update
3 months ago

We recently learned that users of the Albion Online gaming forum have received direct messages purporting to be from us. That message, which leverages the fear of an account ban, is a phishing attempt.

If you’re an Albion Online forum user and receive a message that claims to be from “the EFF team,” don’t click the link, and be sure to use the in-forum reporting tool to report the message and the user who sent it to the moderators.

A screenshot of the message shared by a user of the forums.

The message itself has some of the usual hallmarks of a phishing attempt, including tactics like creating a sense of fear that your account may be suspended, leveraging the name of a reputable group, and further raising your heart rate with claims that the message needs a quick response. The goal appears to be to get users to download a PDF file designed to deliver malware. That PDF even uses our branding and typefaces (mostly) correctly.

A full walk through of this malware and what it does was discovered by the Hunt team. The PDF is a trojan, or malware disguised as a non malicious file or program, that has an embedded script that calls out to an attacker server. The attacker server then sends a “stage 2” payload that installs itself onto the user’s device. The attack structure used was discovered to be the Pyramid C2 framework. In this case, it is a Windows operating system intended malware. There’s a variety of actions it takes, like writing and modifying files to the victim’s physical drive. But the most worrisome discovery is that it appears to connect the user’s device to a malicious botnet and has potential access to the “VaultSvc” service. This service securely stores user credentials, such as usernames and passwords

File-based IoCs:
act-7wbq8j3peso0qc1.pages[.]dev/819768.pdf
Hash: 4674dec0a36530544d79aa9815f2ce6545781466ac21ae3563e77755307e0020

This incident is a good reminder that often, the best ways to avoid malware and phishing attempts are the same: avoid clicking strange links in unsolicited emails, keep your computer’s software updated, and always scrutinize messages claiming to come from computer support or fraud detection. If a message seems suspect, try to verify its authenticity through other channels—in this case, poking around on the forum and asking other users before clicking on anything. If you ever absolutely must open a file, do so in an online document reader, like Google Drive, or try sending the link through a tool like VirusTotal, but try to avoid opening suspicious files whenever possible.

For more information to help protect yourself, check out our guides for protecting yourself from malware and avoiding phishing attacks.

Alexis Hancock