Fake DHL READ : (DHL Express) -Delivery Address Confirmation delivers Remcos Rat

Yet another fake or spoofed DHL delivery notification delivering what today turns out to be Remcos RAT. An email with the subject of “READ : (DHL Express) -Delivery Address Confirmation” pretending to come from dhlSender@dhl.com <nore…

Fake Resume campaign downloading Nymaim still hitting UK

Just a quick post. We are currently being slaughtered by fake resume job applications again today. Some of the emails come with a password-protected Word doc attachment. Some come with links to download the malicious password-protected Word doc. They …

trickbot via Fake HMRC Business VAT Reclaim RE: Reference Number: 20515522

This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering Trickbot banking Trojan. The email with the subject of “RE: Reference Number: 20515522” pretends to come from HMRC Business VAT R…

Trickbot campaigns 22 October 2018 hitting UK and Canada

I am a bit late reporting on these Trickbot campaigns from yesterday, 22 October 2018. I saw a tweet this morning about 2 campaigns yesterday, the first hitting UK spoofing Microsoft Office and the second hitting USA / Canada, which spoofs BMO Ba…

Agent Tesla Keylogger via fake new Order using Equation Editor RTF exploit

Something slightly different to start with this morning. There is nothing special about the email lure, but the attached Word doc seems to be a bit different to the ones we are used to seeing with Equation Editor exploits. I don’t know if this …

Lokibot via fake enquiry CVE-2017-8570 malware campaign error

An email with the subject of “Re: Inquiry” pretending to come from AL SRAIYA HOLDING GROUP, a large consulting group in Qatar, but actually coming from “purchase manager <jairus_miguel@bsdnetwork.com.br>” with a malic…

trickbot via Fake HMRC “Month End Report Sep 2018.xls ” email

This example is an email containing the subject of “Month End Report Sep 2018.xls ” pretending to come from HMRC but actually coming from “Brenda.Kimbell@hrmc-reports.co.uk”, which is a look-a-like, typo-squatted or other domain…