Casa > cibernético Notícias > Malicious Email Campaign Hits Amazon Customers in the UK

Campanha E-mail malicioso Acessos clientes da Amazon no Reino Unido

Os clientes do estão sendo direcionados por e-mails fraudulentos com documentos maliciosos do Microsoft Word anexados. As mensagens afirmam conter detalhes sobre o transporte de um pedido, tendo o número do pacote no campo assunto.
Campanha E-mail malicioso Acessos clientes da Amazon no Reino Unido

Sobre 600 000 Malicious Emails Sent

The malicious activity was first detected by researchers with AppRiver at the end of October. The number of malicious emails isolated by the company since then is 600 000.

Reportedly there is a Word document attached to the scam email that contains a malicious macro launching commands for funneling a Trojan dropper in the targeted machine. This particular one is a keylogger that steals banking credentials, login information for emails services and social media profiles. este, claro, does not guarantee that the criminals won’t use it in a different type of attack in the future.

Macro – A piece of VBA code that can easily be integrated in Office so users can automate their everyday tasks. This feature is often misused by cyber crooks, by adding commands for downloading different malware to it.

Because of the risks involved, macros are disabled in Office component by default. assim, in order for the commands to be executed, the user needs to turn on the support for macros intentionally.

The Crooks Behind the Campaign

AppRiver experts reveal that another party is targeting users of 160 000 malicious emails have been caught so far. The analysts have noticed a few differences in the subject and the content of the email, as well as in the injection approach, but the final purpose is still the same – to infect the targeted computer with malware.

To make the scam appear more believable, the crooks have added a few quite precise touches:

  • Amazon graphics are inserted in the message body.
  • The subject field contains an order confirmation.

In this case the scam emails do not have malicious file attached. What they contain are links to compromised WordPress sites. As the victim clicks on the link, the download of a file named invoice1104.pdf(ponto)scr is activated. The executable isn’t changed – it’s still a Trojan dropper.

The SCR extension on a Word document is a red flag on its own. Users are advised to be extra careful with purchase-related emails in the shopping season as hackers often use them as a cover for their malicious campaigns.


Berta Bilbao

Berta é um pesquisador de malware dedicado, sonhando para um espaço cibernético mais seguro. Seu fascínio com a segurança de TI começou há alguns anos atrás, quando um malware bloqueado la fora de seu próprio computador.

mais Posts

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar