Blackhole malware attack poses as rejected wire transfer email

SophosLabs is intercepting a wave of malicious emails that have been spammed out around the world, luring unsuspecting internet users into clicking on a malicious attachment.

The emails all claim to be related to a rejected wire transfer. Although most savvy computer users would realise that unsolicited email is unlikely to be legitimate, there are some who might be vulnerable or merely curious enough to click on the HTML attachment, not realising that it can cause problems for their PC.

Here’s a typical example of an email we have intercepted.

The subject lines used in the malicious spam campaign can vary, but are all related to a “Wire Transfer Confirmation” (some give a reference number in an attempt to make the message appear more official).

Here is a small selection of the subject lines we saw at SophosLabs during the space of just one minute.

Attached to each email is a file called Wire_AMBA01-Rejected.htm, which Sophos products detect as…

Read more in my article on the Naked Security website.



Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.
