topicnews · September 1, 2024

Nasty “Voldemort” malware uses Google application as camouflage

Security researchers at Proofpoint are warning of a new malware called “Voldemort”. The malware spreads via phishing emails and uses Google Sheets as a disguise to steal data and bypass security systems.

Dangerous magic in digital space

Companies in particular are in the attackers’ sights and are now being targeted by a new threat called “Voldemort”. As the online magazine Bleeping Computer and others report, this malware spreads via sophisticated phishing emails and uses an unusual camouflage strategy: Google Sheets.

According to Proofpoint, the campaign started on August 5, 2024, and has already sent over 20,000 emails to more than 70 organizations worldwide. On peak days, the emails reached up to 6,000 potential victims. The attackers are particularly targeting companies in the insurance, aerospace, transportation and education sectors.

Voldemort: A master of deception

The name says it all. The Voldemort malware is characterized by its clever approach. It disguises itself as legitimate network traffic by using Google Sheets as a command-and-control (C2) server. Because it calls the Google API with embedded credentials, the malware’s communication appears inconspicuous to security systems.

The attackers spread the Voldemort malware via phishing emails that pose as messages from tax authorities. These emails contain links to supposedly important documents. If a victim clicks on one, they are redirected several times and end up downloading a file disguised as a PDF, which often happens unnoticed.

From data theft to system manipulation

Voldemort is primarily aimed at data exfiltration – a serious problem for affected companies. Since 2000, such data thefts have caused significant damage worldwide, from loss of customer trust to compromises of national security.

Infographic: Hacking & Cybercrime: The World's Biggest Data Thefts

However, the malware can do even more: it is able to download new malware and delete files. This makes it a versatile threat to infected systems.

Protective measures against the dark lord

Proofpoint recommends several steps to protect yourself from Voldemort:

  • Restrict access to external file sharing services
  • Block connections to TryCloudflare unless necessary
  • Monitor advanced PowerShell scripts on Windows computers

In addition, it is advisable to train employees regularly to recognize phishing threats and to use multi-factor authentication where possible.
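The two network signals described above (TryCloudflare connections, and Google Sheets API traffic from a process that is not an expected client) can be checked against proxy or EDR network records. The following is an added example, not code from Proofpoint or the original article; the log layout, host names, process names and both allowlists are assumptions constructed for illustration.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "time src process dest reason")

TUNNEL_DOMAIN = "trycloudflare.com"     # TryCloudflare tunnel hostnames
SHEETS_API = "sheets.googleapis.com"    # Google Sheets API endpoint
# Assumption: processes expected to talk to the Sheets API in this environment.
APPROVED_SHEETS_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Assumption: hosts with a documented business need for TryCloudflare.
TUNNEL_ALLOWLIST = {"dev-build-01"}


def normalize(host):
    """Lower-case and drop a trailing dot so FQDN variants compare equal."""
    return host.strip().lower().rstrip(".")


def in_domain(host, domain):
    """True for the domain itself or a real subdomain, not a look-alike."""
    return host == domain or host.endswith("." + domain)


def triage(lines):
    """Return a Finding for every record that matches one of the two signals."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:             # skip malformed records, do not crash
            continue
        time, src, process, dest = parts
        dest, process = normalize(dest), process.lower()
        if in_domain(dest, TUNNEL_DOMAIN) and src not in TUNNEL_ALLOWLIST:
            findings.append(Finding(time, src, process, dest, "trycloudflare"))
        elif dest == SHEETS_API and process not in APPROVED_SHEETS_CLIENTS:
            findings.append(Finding(time, src, process, dest, "sheets-api-client"))
    return findings


# Constructed records: "<time> <source host> <process> <destination host>"
SAMPLE = [
    "2024-08-12T09:14:02Z fin-ws-17 chrome.exe sheets.googleapis.com",
    "2024-08-12T09:15:40Z fin-ws-17 explorer.exe abc-def.trycloudflare.com",
    "2024-08-12T09:16:05Z fin-ws-17 unknown_tool.exe Sheets.GoogleAPIs.com.",
    "2024-08-12T09:20:00Z dev-build-01 cloudflared.exe demo.trycloudflare.com",
    "2024-08-12T09:21:11Z hr-ws-03 chrome.exe nottrycloudflare.com",
    "truncated record",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.time, f.src, f.process, f.dest, f.reason)
```

Browser traffic to Google Sheets is normal, so the second rule keys on the calling process rather than the destination; the allowlist needs tuning for any sanctioned integrations that use the API.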

The name “Voldemort” for this malware is actually a reference to the main antagonist of the Harry Potter book series, also known as “He Who Must Not Be Named”. In the digital world, however, the naming seems to be less about instilling fear than about drawing attention to the danger of this malware.

What do you think about this new threat? Have you experienced similar phishing attempts? Share your experiences and tips in the comments – your perspectives are valuable to the community!

Summary

  • Malware “Voldemort” uses Google Sheets for camouflage
  • Over 20,000 phishing emails since August 5, 2024
  • Targets are insurance companies and educational institutions
  • Disguised as tax authority messages in emails
  • The main goal is data exfiltration
  • Proofpoint recommends restricting external file sharing services
  • Employees should be made aware of phishing risks
