Collaborate Disseminate
I am seeing a bit of changes today from the scumbags who are distributing the Hawkeye Keylogger Trojan. The email template is a typical fake Purchase Order with a malicious word doc attachment. The word doc is actually a RTF that uses the CVE-2017-118… Continue reading Some changes to malicious RTF docs delivering Hawkeye
A slightly different malware than usual to report on this morning. I haven’t previously seen an out and out destructive malware like this sent in mass malspam for many years. It must be intended to act as some sort of ransomware but there is no … Continue reading renamer destructive malware via fake inquiry email
With Christmas over we are starting to see an increase in malware campaigns. It is not up to the usual level yet because the Russian Gangs are still on their Xmas breaks, but the rest of the scumbags are trying to make up for it. Some like this one are… Continue reading Lokibot via Fake DHL quotation using .ace attachments
A slightly interesting and unusual malware delivery to report first today. First we note the spelling mistake in the subject line “Purchase Oder”, then the body content when the email is delivered to the prospective victim. Please read the … Continue reading megalodon delivered via fake purchase oder via compromised Godaddy DNS settings
A slightly different scam to report on this weekend. I received a message from a concerned party asking me to look at an email and link to see whether they might have been infected or compromised. Their message reads From: Roger: sally@<redacted&#… Continue reading Bitcoin scam spoofing BBC news
We see lots of phishing attempts for email, bank, PayPal, Credit card and other financial credentials. This one is slightly different than many others and much more involved and complicated, designed to make analysis and blocking by anti-phishing tools… Continue reading American Express Phishing using encoded html attachment
Java Adwind is a persistent malware that we see frequently. It tends to come in waves and we haven’t seen much hitting the UK in recent weeks. But the long Christmas break is still in effect in the UK. The malware bad actors know that the defence… Continue reading java adwind via fake outrigger corp invoice
It looks like we have a new Ransomware spreading as a nice Christmas Present. This is being identified as Criakl by Anyrun , but if it is criakl, then it is a new version . Criakl was around in 2014 and has been seen sporadically since then, but hasn&#… Continue reading new Ransomware possibly criakl version
We are seeing a slight change in the Lokibot campaign deliveries today. We always see a lot of Lokibot hitting the UK. We don’t bother to post about most of them,just tweet about them to other researchers, because the subjects & emails are so gener… Continue reading Lokibot continues to hit UK using XLS file attachments
We are still seeing a fairly large Ursnif /Gozi /ISFB campaign hitting the UK again this week. Today we are seeing an Xmas Payslip theme The subjects vary slightly but include Wages December, Salary Payslip, Christmas Payslip, Chrithmas Payslip or si… Continue reading Fake Xmas Bonus Payslip delivers Ursnif – Gozi