Beware Changelog spammed-out malware attack

Internet users are receiving emails claiming to contain a changelog – but the files attached are really designed to infect computers.

Here’s what a typical email looks like, although the precise wording can vary.

Subject: Re: Your Changelog

Message body:
Good day,
as promised chnglog attached (Open with Internet Explorer)

The subject lines and attachment names can also be different from email to email – here’s a small selection.

What’s important is that you don’t click on the attached .HTM file.

If you do, your browser will try to run the malicious script contained within.

You will see a message saying:

You are redirecting
Loading… Wait please…

But there’s more to this file than meets the naked eye. If you examine the file’s code you can see the script it is running in the background:

Sophos detects the malicious attachment as…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.