
Aliens Discovered on Mars? Nope, Just a Phishing Scam

The DC Comics superhero Martian Manhunter, from the video game Injustice: Gods Among Us. Credit: Warner Bros. Interactive Entertainment/DC Comics


Would you click on an email whose subject line reads "NASA Mars Found Alien Footprint"? 

You might be tempted — I know I would — but emails with these subject lines are probably part of a newly discovered phishing scam, according to Mountain View, California-based security software company Symantec Corporation. Attached to the emails is a .ZIP file that supposedly contains a report on the alien discovery, but which actually contains a modification of a known Trojan called DarkMoon.


DarkMoon (also called Poison Ivy) is a common remote-access Trojan (RAT). In this case, DarkMoon was hidden in a self-extracting .RAR attached to the emails. When run, this file installs the DarkMoon Trojan, which then creates a backdoor through which the criminals can remotely access some or all files and processes on the infected computer.
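A mail gateway or analyst can check ZIP attachments for the delivery pattern described above. The following is an added example, not code from Symantec or the original article. It assumes the self-extracting RAR travels inside the ZIP as a Windows executable, and the function names and sample file names are hypothetical.

```python
import io
import zipfile

MZ_MAGIC = b"MZ"             # DOS/PE header that starts Windows executables
RAR_MAGIC = b"Rar!\x1a\x07"  # signature prefix shared by RAR 4.x and 5.x
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif")

def inspect_zip_attachment(data, max_read=8 * 1024 * 1024):
    """Return [(member_name, [reasons])] for suspicious ZIP members."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<attachment>", ["not a valid ZIP despite its extension"])]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted: contents cannot be checked
                findings.append((info.filename, ["encrypted member"]))
                continue
            with archive.open(info) as member:
                head = member.read(max_read)  # cap bytes read per member
            if not head.startswith(MZ_MAGIC):
                continue
            reasons = ["Windows executable (MZ header)"]
            if RAR_MAGIC in head:
                reasons.append("embedded RAR archive (self-extracting)")
            if not info.filename.lower().endswith(EXEC_EXTENSIONS):
                reasons.append("executable content behind a non-executable name")
            findings.append((info.filename, reasons))
    return findings

def build_sample_zip():
    """Constructed sample: one text file and one inert fake SFX stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", b"constructed benign text")
        z.writestr("report.doc", MZ_MAGIC + b"\x00" * 64 + RAR_MAGIC + b"\x00")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in inspect_zip_attachment(build_sample_zip()):
        print(name, "->", "; ".join(reasons))
```

The check looks only at file headers, so a hit is a reason to quarantine the attachment for analysis rather than an identification of DarkMoon itself.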

This particular modification of DarkMoon is used by a specific cybercriminal group that Symantec says it's been monitoring, and which has been active since at least mid-2012.

The scam emails pretend to be legitimate by impersonating NASA, according to Symantec. Presumably, this means the criminals used an email address that might appear at first glance to be an official NASA address but, as is typical of phishing campaigns, is off by one or two letters. The emails are also signed with the name of a prominent NASA astronaut.

The scammers behind the emails appear to have targeted only a few companies, mostly in the financial and engineering sectors, which has led Symantec to classify the scam as a "spear-phishing" attempt. Spear-phishing is when scammers create emails designed to seem relevant to a very specific group.

"The targeted companies do not seem to have a strong connection with NASA and are not exclusively related to the aerospace industry," Symantec's Lionel Payet said in a company blog post. 

"The use of NASA and evidence of aliens may make people think that the attackers were after classified documents related to the aerospace industry, but this has not been confirmed," Payet wrote.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games.