
Scam! Fake Facebook Emails Distribute the Nivdort Trojan

Spam never gets tired. There was a peak in spam campaigns during the winter holidays, but apparently we are not going to see the end of them any time soon. Fraudsters are constantly attempting new ways, and often involve social media to draw in as many users as possible.

A brand new spam campaign detected by Comodo researchers is currently targeting Facebook users.

Because this campaign closely resembles the one that targeted WhatsApp not long ago, researchers believe it’s another effort by the same spammers.

How does the Facebook-themed spam campaign work?

Like we said, the campaign doesn’t differ much from the one that was aimed at WhatsApp users and was spreading the Nivdort Trojan.


Spammers are again sending fake email messages that imitate official notifications, this time from Facebook. Those emails are reported to contain audio messages. Similar to the WhatsApp spam scam, the emails are tricking users into believing they have received a legitimate voice message.

Spam emails may have a subject line like the following:

  • You have obtained a voice notification;
  • An audio memo was missed;
  • A brief audio recording has been delivered;
  • A short vocal recording was obtained;
  • A sound announcement has been received;
  • You have a video announcement;
  • A brief video note got delivered;
  • You’ve recently got a vocal message.

Not surprisingly, the payload of the spam operation is Nivdort – the same Trojan that was distributed in the WhatsApp-themed campaign. The Trojan is contained within the email attachment. Once executed, Nivdort will automatically replicate itself into the C:\ directory. Then, it will add a Windows Registry entry so that it will run automatically upon restart or shut down of the PC.

Additionally, Nivdort modifies the Windows Hosts file and prevents users from accessing websites of anti-virus companies. The Trojan also attempts to disable the Firewall notifications from the Windows Security Center.
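A triage check for the hosts-file tampering described above, as an added example that is not part of the original article: it parses a hosts file and flags entries that map security-vendor domains to a loopback, unspecified or other address. The watched domains and the sample file are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Placeholder domains (assumption): replace with the security vendors you rely on.
WATCHED_DOMAINS = ("antivirus-vendor.example", "av-updates.example")

# Constructed sample of a tampered hosts file, for illustration only.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1   www.antivirus-vendor.example  antivirus-vendor.example  # injected
0.0.0.0\tDownload.AV-Updates.example.
203.0.113.7     av-updates.example
10.0.0.5        intranet.corp.example
not-an-ip       antivirus-vendor.example
"""


def parse_hosts(text):
    """Yield (line_number, ip_address, [hostnames]) for each valid entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        # Normalise case and a trailing root dot before comparing names.
        yield lineno, ip, [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(host, watched=WATCHED_DOMAINS):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watched)


def find_tampering(text, watched=WATCHED_DOMAINS):
    """Return (line, host, ip, kind) for every watched domain pinned in the file."""
    findings = []
    for lineno, ip, hosts in parse_hosts(text):
        for host in hosts:
            if is_watched(host, watched):
                sinkholed = ip.is_loopback or ip.is_unspecified
                findings.append((lineno, host, str(ip), "blocked" if sinkholed else "redirected"))
    return findings


if __name__ == "__main__":
    for lineno, host, ip, kind in find_tampering(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip} ({kind})")
```

On a Windows system the file to pass in is `C:\Windows\System32\drivers\etc\hosts`; any finding for a security vendor's domain deserves investigation, since those names normally resolve through DNS rather than the hosts file.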

As pointed out by the Comodo research team, phishing may not be the most groundbreaking attack but it’s definitely one proven to be very effective.


Milena Dimitrova
