Has the Hello Darling Trojan arrived in your email yet?

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Sophos’s spamtraps are intercepting a new Trojan horse being widely distributed via email, using the disguise of photos from someone who claims to be an admirer.

The malicious emails have the following characteristics:

Subject: Hello Darling

Message body: Hi, how are you? My photos Which I promised in attached file

Sign up to our free newsletter.
Security news, advice, and tips.

Attached file: photo.zip

Hello Darling email attachment malware

Make sure you don’t make the mistake of opening the attached file, however, as it contains the Troj/Agent-LQH Trojan horse. Users of Sophos’s gateway products will also have been stopping the malicious campaign as spam.

There may be many people who get quite a kick of being sent photos out-of-the-blue from someone they’ve never heard of before (especially if they call you “Darling”), but this is just the latest social engineering trick being used by the bad guys to trick you into running their malicious code.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.