Fake DHL GLOBAL FREIGHT CONSIGNMENT FORM malspam delivers malware

Continuing with the never ending series of malware laden emails is an email with the subject of DHL GLOBAL FREIGHT CONSIGNMENT FORM coming from DHL GLOBAL WORLD WIDE AGENT <deddi@karebet-group.com> with a .ace attachment, which delivers malware that looks like a pony dropper and/or fareit password stealer trojan. Update: returns are coming back from …

Fake DHL Commercial Invoice malspam delivers malware

An email with the subject of Commercial Invoice pretending to come from export@dhl-invoice.com with a malicious Excel XLS spreadsheet attachment delivers some sort of malware. I don’t know what this is at the moment and online sandboxes or VirusTotal aren’t really helping either. No doubt one of my contacts will soon tell …

spoofed DHL email Japanese language malspam about damaged photo delivers ursnif

Following on from this post about Japanese Language invoice malspam delivering Ursnif, we are currently seeing another Japanese campaign about damaged photos. These contact the same sites as mentioned in the other post to download the same malware version. 48336.doc Current VirusTotal detections: Payload Security. Which is still showing the same …

fake DHL Tracking Number for shipment malspam delivers ransomware

Continuing with the never ending series of malware downloaders is an email with the subject of DHL Tracking Number for shipment 97 93745 186 (random numbers) pretending to come from DHL Corporation with a link in the email body to download a file that will deliver what looks like ransomware. I had a …

Spoofed DHL Attention: You have 1 New Parcel for delivery phishing scam

We see lots of phishing attempts for email credentials. This one is somewhat different than many others. It pretends to be a message from DHL telling you to Sign In With Your Correct Email and Password To Review Package Information. They use email addresses and subjects that will entice a user …

More fake DHL Fwd: DHL Redelivery Confirmation malspam delivering ursnif banking trojan

Continuing with the never ending series of malware downloaders is an email with the subject of Fwd: DHL Redelivery Confirmation #574068024996 (random numbers) pretending to come from random companies, names and email addresses with a semi-random named zip attachment which delivers Ursnif banking Trojan. This is an updated version to this …

fake DHL Statements x Requests Required delivers malware

Continuing with the never ending series of malware downloaders is an email with the subject of 6109175302 Statements x Requests Required (random numbers) pretending to come from bgyhub@dhl.com with a zip attachment containing 2 differently named .js files which delivers some sort of malware. I am not certain yet what it is but …

PARCEL ARRIVED (Waiting Pick Up)!!! spam – Phishing

We see lots of phishing attempts for email credentials. This one is slightly different than many others and much more involved and complicated. It pretends to be a message from DHL to pick up a parcel. At first I thought, Oh look the criminals have found a new way to persuade …

massive malspam campaign delivering Ursnif banking Trojan via js files

We have been seeing a massive malspam campaign today delivering Ursnif banking Trojan via js files inside zips. There have been numerous different subjects and campaign themes. I will detail some of them here: Our reference: 733092244 pretending to come from Eli Murchison <Hughchaplin@yahoo.de>; Hotel booking confirmation (Id:022528) pretending to …