Large airline crashes tend to uniquely focus almost everyone's attention. Lowlife internet criminals are exploiting the fear connected to these incidents, and leverage it in phishing attacks.
A new campaign is underway that uses the recent Boeing 737 Max crashes as a way to infect workstations with both remote access and info-stealing Trojans. This new campaign was discovered by 360 Threat Intelligence Center, who posted about them on Twitter and include a VirusTotal link which shows the AV engines that catch it.
These emails pretend to be from a private intelligence analyst who found a leaked document on the dark web. This document pretends to contain information about other airline companies will be affected by similar crashes soon, and in broken English "kindly notify your loved ones about the informations on these file".
The emails are coming from an email address at info@isgec.com and have subject lines similar to "Fwd: Airlines plane crash Boeing 737 Max 8". They also contain a JAR file as an attachment with names similar to MP4_142019.jar. Here is a screenshot:
Bleepingcomputer confirmed that both H-Worm RAT and Adwind info-stealing Trojans were installed.