An email with the subject of On Hold Transactions From 21.06.2016 pretending to come from Saeed Abugharbieh <saeed.abugharbieh@xpressmoney.com> with a zip attachment that contains a Barys Trojan and a copy of the image in the email. The ,exe file drops a JAVA jar … Continue reading →