New Xpress Money Certificate java jacksbot Trojan

An email with the subject of New Xpress Money Certificate, pretending to come from xm.ca@xpressmoney.com, with a zip attachment which delivers a Java jacksbot Trojan. They use email addresses and subjects that will entice a user to read the email and …


On Hold Transactions From 21.06.2016 Xpress Money Services

An email with the subject of On Hold Transactions From 21.06.2016, pretending to come from Saeed Abugharbieh <saeed.abugharbieh@xpressmoney.com>, with a zip attachment that contains a Barys Trojan and a copy of the image in the email. The .exe file drops a Java jar …


FW: Invoice_515002

An email pretending to be a Sage invoice with the subject of FW: Invoice_515002, coming from “postmaster@footballplayers19.gq”@footballplayers19.gq; on behalf of; Leanna Sage Whitaker <postmaster@footballplayers19.gq>, with a zip attachment which downloads They use email addresses and subjects that will entice a user to …


Locky ransomware / Dridex banking Trojan trying to come back

Since yesterday, 15 June 2016, we have been hearing about a slow but steady trickle of Locky ransomware / Dridex banking Trojan JavaScript downloaders inside zip file attachments. The first one I received on my mail server was at about 4 am UTC …


You have received a new fax from your own email address delivers malware

An email with the subject of You have received a new fax, pretending to come from Incoming Fax <Incoming.Fax@victim domain.tld>, with a zip attachment is another one from the current bot runs which delivers some malware. Edit: I am being told it …


I wanted to follow up with you about your refund leads to Locky

Another email in the long line of nemucod JavaScript downloaders with the subject of Re:, pretending to come from random senders and email addresses, with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses …


Scanned image pretending to come from your own email domain delivers Locky

Another email pretending to come from your own email domain with the subject of Scanned image, pretending to come from admin <southlandsxxxx@victimdomain.tld>, with a zip (rar) attachment is another one from the current bot runs which downloads Locky ransomware. They use email …


Verify Reciver Details and Advice For Payout – malware

An email with the subject of Verify Reciver Details and Advice For Payout, pretending to come from amirmuhammed@almuzaniexchange.ae <abimks@buanaindependent.co.id>, with a rar attachment which contains a Java file and the jpg image which is shown in the email screenshot is another one from …