Contract of many disguises contains Trojan horse

Graham Cluley

Unsolicited email attachments are always something that should be treated with caution, and in recent months we have seen something of a rise in this method being used as a way of distributing malware.

Checking our monitoring systems today I see that a new widespread malware campaign is being spammed out, posing as contracts from the likes of Google, Apple, Procter & Gamble, and other well known firms.

Here is a typical email that has been seen, in this case claiming to come from Apple:

Example of a malicious email


Opening the attachment, called New_Contract.zip, is not a good idea as it contains a Trojan horse.

Some of the other subject lines we have seen the hackers use in this malware campaign include the following:

Southwest Airlines Contract of settlements
Procter & Gamble Contract of order fulfillment
Toyota Permit for retirement
General Electric Lease contract
Berkshire Hathaway Loan Contract
Southwest Airlines Your new labour contract
Procter & Gamble Contract e-fulfilment
Procter & Gamble Contract direct marketing
Apple Contract of retirement
FedEx Contract direct marketing
Johnson & Johnson Contract e-fulfilment
Apple Start a personal account
Google Lease contract
Toyota Contract of order fulfilment
Starbucks Lending Contract

Of course, it’s the most natural thing in the world if you receive an email like this to open the attachment. You may think the email was sent to you in error, and want to reply that the sender has clearly got the wrong email address, but perhaps you would be tempted into opening the attachment first?

Even if you weren’t involved in any business dealings with the above companies you might still be curious enough to open the attachment to see what it contains. It is that curiosity which the cybercriminals are depending on in order to infect your computer, and potentially steal information, resources and money from you – so don’t make it easy for them. Just delete the messages if you receive them.

Sophos detects the malware as Troj/Invo-Zip. Users of other vendors' anti-virus products are advised to check that their protection is up-to-date.
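For mail administrators, the two traits described above (a well-known brand name followed by a contract-style subject, and a ZIP attachment such as New_Contract.zip) can be turned into a simple triage rule. The following is an added example, not code from the original post or from Sophos; the scoring policy, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Brands and lure words are taken from the subject lines listed in the post.
BRANDS = ["Southwest Airlines", "Procter & Gamble", "Toyota", "General Electric",
          "Berkshire Hathaway", "Apple", "FedEx", "Johnson & Johnson",
          "Google", "Starbucks"]
BRAND = re.compile(r"^\s*(?:%s)\b" % "|".join(map(re.escape, BRANDS)), re.I)
LURE = re.compile(r"\b(?:contract|permit|lease|personal account)\b", re.I)

def triage(raw):
    """Score one raw message; returns (verdict, reasons)."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    reasons = []
    if BRAND.search(subject) and LURE.search(subject):
        reasons.append("brand-name contract subject")
    if "new_contract.zip" in names:
        reasons.append("attachment New_Contract.zip")
    elif any(n.endswith(".zip") for n in names):
        reasons.append("zip attachment")
    # Assumed policy: two signals quarantine, one goes to an analyst.
    verdict = ("pass", "review", "quarantine")[len(reasons)]
    return verdict, reasons

def sample(subject, filename=None):
    """Build a constructed test message (attachment bytes are a placeholder)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("Please find the contract attached.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="zip", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for subj, fn in [("Apple Contract of retirement", "New_Contract.zip"),
                     ("Google Lease contract", "scan.zip"),
                     ("Toyota Permit for retirement", None),
                     ("Lunch on Friday?", "photos.zip"),
                     ("Lunch on Friday?", None)]:
        print(subj, fn, triage(sample(subj, fn)))
```

A rule like this only catches the subject and filename patterns seen in this campaign, so it complements up-to-date anti-virus scanning of the attachment rather than replacing it.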


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
