Beware of Fake Royal Mail Email Containing Trojan
Experts from MX Lab intercepted a new Trojan-distributing email titled “Mail – Lost / Missing package”, which is being sent from a spoofed mail address, “Royal Mail Group”. The mail contains the following message:
Mail – Lost / Missing package – UK Customs and Border Protection
Royal Mail has detained your package for some reason (for example, lack of a proper invoice, bill of sale, or other documentation, a possible trademark violation, or if the package requires a formal entry) the RM International Mail Branch holding it will notify you of the reason for detention (in writing) and how you can get it released.
Please fulfil the documents attached.
The attachment referred to in the email is a ZIP file that contains a PDF document of 107kb named "RoyalMail_Report-ID-37846378962513415238471238476218736487123684.pdf". This PDF hides a Trojan downloader. Once it is on a system, it creates a new process, adds itself to the Windows registry so that it stays persistent, and changes the firewall settings. It is also capable of stealing credentials from FTP clients, collects information to fingerprint the system, performs HTTP requests, and starts servers listening on 0.0.0.0 on port 7748, 0.0.0.0 on port 6023 and 0.0.0.0 on port 0.
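A triage check built from the listener details above, as an added example that is not part of the original article: it parses Windows `netstat -ano` output, flags any process listening on 0.0.0.0 on port 7748 or 6023, and lists that process's other wildcard listeners, since a bind to port 0 is given an arbitrary free port by the operating system and cannot be matched by number. The sample output, PIDs and function names are constructed for illustration.

```python
import re

# Ports the article reports the Trojan listening on (all interfaces).
IOC_PORTS = {7748, 6023}

# Matches TCP listener rows of Windows `netstat -ano` output.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

# Constructed sample output, not captured from a real infected host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6023           0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:7748           0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:49731          0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:7748         0.0.0.0:0              LISTENING       4100
  TCP    192.168.1.20:50212     203.0.113.7:80         ESTABLISHED     3120
"""


def parse_listeners(text):
    """Return (address, port, pid) for every TCP LISTENING row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return rows


def triage(text):
    """Map each suspect PID to all of its wildcard (0.0.0.0) listening ports."""
    listeners = parse_listeners(text)
    wildcard = [(port, pid) for addr, port, pid in listeners if addr == "0.0.0.0"]
    # A PID is suspect if it owns a wildcard listener on one of the reported ports.
    suspects = {pid for port, pid in wildcard if port in IOC_PORTS}
    return {pid: sorted(p for p, owner in wildcard if owner == pid) for pid in suspects}


if __name__ == "__main__":
    for pid, ports in triage(SAMPLE).items():
        # Ports outside the reported set may be the OS-assigned port-0 bind.
        extra = [p for p in ports if p not in IOC_PORTS]
        print(f"PID {pid}: wildcard listeners {ports}; other ports to review: {extra}")
```

A loopback-only listener on one of the same port numbers (PID 4100 in the sample) is deliberately not flagged, because the article describes binds to 0.0.0.0.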
We advise our readers not to open files from untrusted emails and to keep the antivirus applications on their systems up to date.
Source:[Click Here!]