A new malware named “Voldemort” has been discovered by security researchers at Proofpoint, and it’s causing alarm with its innovative evasion techniques. This malware spreads through phishing emails that cleverly impersonate legitimate communications and uses Google Sheets to mask its activities from detection systems.
Primarily targeting sectors such as insurance, aerospace, transport, and education, Voldemort’s attack vector involves sending emails that appear to be from credible authorities based in the USA, Europe, or Asia. These emails are tailored to match the recipient’s location, offering links to documents supposedly containing “updated tax information.”
Since its emergence on August 5, 2024, the Voldemort campaign has resulted in over 20,000 phishing emails being sent to more than 70 companies, with daily peaks reaching up to 6,000 emails. Clicking on these links directs victims to download files disguised as PDFs. The true threat, however, is the malware’s ability to blend in with normal network traffic and use Google Sheets as a command-and-control server, a technique that allows it to avoid detection by security systems.
The capabilities of Voldemort extend beyond data theft; it can also download further malware, delete files, and deactivate itself temporarily. This makes it a highly flexible and dangerous threat.
To protect against this malware, Proofpoint suggests limiting access to external file-sharing services, blocking unnecessary connections to TryCloudflare, and monitoring for suspicious PowerShell executions.
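As an added illustration (not Proofpoint's code and not part of the original article), the sketch below turns those recommendations into detection rules run over a constructed endpoint network log. The log format, the browser allow-list, the rule names and the sample hostnames are assumptions, as is the choice to treat any PowerShell network egress as worth review and to watch sheets.googleapis.com for Google Sheets API traffic.

```python
import csv
import io

# Constructed sample telemetry: timestamp, host, process image, destination.
SAMPLE_LOG = """\
2024-08-06T09:14:02Z,WS-0141,chrome.exe,sheets.googleapis.com
2024-08-06T09:14:40Z,WS-0141,sample-app.exe,example-words-here.trycloudflare.com
2024-08-06T09:15:11Z,WS-0141,powershell.exe,example-words-here.trycloudflare.com
2024-08-06T09:17:55Z,WS-0141,unknown-app.exe,sheets.googleapis.com
2024-08-06T09:21:30Z,WS-0202,outlook.exe,nottrycloudflare.com
"""
# Assumption: these images are the approved browsers in this environment.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SHEETS_API = "sheets.googleapis.com"
TUNNEL_DOMAIN = "trycloudflare.com"

def is_under(host, domain):
    """True for the domain itself or a subdomain, not a bare suffix match."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def classify(process, dest):
    """Return the names of the rules that one egress event trips."""
    process = process.lower()
    hits = []
    if is_under(dest, TUNNEL_DOMAIN):
        hits.append("trycloudflare-connection")
    if is_under(dest, SHEETS_API) and process not in BROWSERS:
        hits.append("sheets-api-from-non-browser")
    if process in POWERSHELL:
        hits.append("powershell-network-egress")
    return hits

def scan(log_text):
    """Parse the CSV log; return (timestamp, host, process, dest, rules) per hit."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip malformed lines instead of aborting the scan
        ts, host, process, dest = (field.strip() for field in row)
        rules = classify(process, dest)
        if rules:
            findings.append((ts, host, process, dest, rules))
    return findings

if __name__ == "__main__":
    for ts, host, process, dest, rules in scan(SAMPLE_LOG):
        print(f"{ts} {host} {process} -> {dest}: {', '.join(rules)}")
```

Browser traffic to Google Sheets and the look-alike domain pass unflagged, which keeps the rules usable in environments where Sheets is in everyday use.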