Charter flight reservation emails carry dangerous malware payload

Once again, email users are being reminded to be wary of unsolicited email attachments – as a criminal gang spams out an attack designed to infect Windows computers.

The emails, which all have a subject line of “Charter flight reservation”, claim to be related to the reservation of a charter flight for multiple people.

However, attached to the emails is a file called Report-D9935.zip that contains malware.

Malicious email

Just as with another malware campaign seen this week, the messages can vary and spelling mistakes appear to have been deliberately and semi-randomly included in an attempt to avoid detection by rudimentary filters.

Here is a small sample of the many different message bodies that we have seen:

Please confirm your resrevation of charter flight.
Your secreatry has reserved a charter flight for 55 persons. We have caluclate a price for rent this trip with a Airbus A320 aircraft. More informaiton you can get from attached booklet.

Please confirm your rseervation of charter flight.
Your secrteary has reserved a charter flight for 9 persons. We have claculate a price for rent this trip with a Dassault Falcon 7X CS-DSA aircraft. More infromation you can get from attached booklet.

Please confirm your reseravtion of charter flight.
Your secreatry has reserved a charter flight for 9 persons. We have calcluate a price for rent this trip with a Learjet 60 aircraft. More infromation you can get from attached booklet.
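
A filter that looks for the exact word "reservation" misses every one of these bodies, but in the samples shown each misspelling keeps its first and last letter and only shuffles the letters in between. The following Python sketch is an added example, not code from the original article or from Sophos; the function names and the two-keyword threshold are assumptions, and it generalizes to any interior-letter shuffle of the listed keywords.

```python
import re

# Correctly spelled keywords behind the misspellings in the page's sample bodies.
KEYWORDS = ("reservation", "secretary", "calculate", "information")

def signature(word):
    """First letter + sorted interior letters + last letter (lowercased)."""
    w = word.lower()
    return w if len(w) <= 3 else w[0] + "".join(sorted(w[1:-1])) + w[-1]

KEYWORD_SIGS = {signature(k): k for k in KEYWORDS}

def scrambled_hits(body):
    """Map each keyword to the misspelled variants of it found in body."""
    hits = {}
    for token in re.findall(r"[A-Za-z]+", body):
        keyword = KEYWORD_SIGS.get(signature(token))
        # A correctly spelled keyword is ordinary text; only scrambles count.
        if keyword and token.lower() != keyword:
            hits.setdefault(keyword, set()).add(token.lower())
    return hits

def looks_like_campaign(body, min_keywords=2):
    # Assumed threshold: one honest typo in a legitimate mail should not match.
    return len(scrambled_hits(body)) >= min_keywords

# The first two sample bodies quoted on this page.
SAMPLES = [
    "Please confirm your resrevation of charter flight. Your secreatry has "
    "reserved a charter flight for 55 persons. We have caluclate a price for "
    "rent this trip with a Airbus A320 aircraft. More informaiton you can get "
    "from attached booklet.",
    "Please confirm your rseervation of charter flight. Your secrteary has "
    "reserved a charter flight for 9 persons. We have claculate a price for "
    "rent this trip with a Dassault Falcon 7X CS-DSA aircraft. More "
    "infromation you can get from attached booklet.",
]
# Constructed benign message that uses the same words, spelled correctly.
BENIGN = ("Please confirm your reservation. Your secretary asked us to "
          "calculate a price; more information is in the attached booklet.")

if __name__ == "__main__":
    for body in SAMPLES + [BENIGN]:
        print(looks_like_campaign(body), scrambled_hits(body))
```

Several distinct keywords scrambled in one short message is a stronger signal than any single misspelling, which is why the rule counts keywords rather than tokens.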

Attached to the emails is a file called Report-D9935.zip, which contains the malware.

What the cybercriminals are banking on, of course, is that some people will open the email attachment even though they haven’t booked a plane. You can imagine how some folks would do that out of curiosity, or out of concern that they are mistakenly being charged for something expensive.

It only takes a small number of people to fall for a trick like this for it to be worthwhile for the malware spreaders.

Sophos detects the emails as spam, and proactively protects against the malware – intercepting it as Mal/Katusha-F.

Airplane flying around a planet image, courtesy of Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
