False Invoice Due email with password protected attachment delivers malware

This generic email with the subject of “Invoice Due” coming from help@simplexhealthcare.info with a malicious password-protected Word doc attachment does eventually deliver some sort of malware. Recently password-protected Word docs have…

Fake DHL delivery notification Agent Tesla Keylogger

Yet another fake or spoofed DHL delivery notification delivering what looks like Agent Tesla keylogger. An email with the subject of “Vessel Schedule ETD:AUG 26 ,ETA:SEP 20” coming from Donald Townsend <comercial@twistermedical.com>…

Fake HMRC “Submission 5DW8 F36N MG2A 9HJ not processed” delivers Trickbot

Today’s Trickbot campaign is a pretty lame example from this prolific malware gang. The email containing the subject of “Submission 5DW8 F36N MG2A 9HJ not processed” pretending to come from noreply.taxreg@notifications.hmrc.gov.uk b…

Fake “You have received a Secure Doc message from Citi Secure Email Server” delivers Trickbot

This example is an email containing the subject of “You have received a Secure Doc message from Citi Secure Email Server” pretending to come from Citi Group but actually coming from “noreply@securemailcenter-citigroup.com” whi…

Fake “Scanned from a Xerox Multifunction Printer” delivers Trickbot

Yet another change to the Trickbot Banking Trojan distribution system again today. Today the Trickbot gang are pretending that a scanner or multifunction device is emailing you a scanned document. We used to see this lure all the time from other malw…

Fake HMRC “Critical Notice: Statement of Liabilities” delivers Trickbot

This example is an email containing the subject of “Critical Notice: Statement of Liabilities” pretending to come from HMRC but actually coming from “service@hmrcemail.co.uk” which is a look-a-like, typo-squatted or other domai…

Fake Brightpay payslip notification attempts to deliver Trickbot

A bit of a change to the Trickbot delivery system today. In fact, quite a lot of changes. This example is an email containing the subject of “FW: Payslip” pretending to come from Brightpay payroll services but actually coming from a look-a-…

Hancitor delivered via fake “This is an electronic efax Notification”

An email with the subject of “This is an electronic efax Notification” pretending to come from efax but coming from efax@ramatmed.com with a link to download a malicious Word doc that delivers Hancitor. They are using email addresse…