Fake FCI Exchange report emails carry malware infection

SophosLabs is intercepting a large number of malicious emails that have been spammed out across the internet.

The emails, which use a variety of subject lines, refer to selling real estate notes and claim to come from a firm called FCI Exchange.

Here’s a typical example:

FCI email malware attack

Sign up to our free newsletter.
Security news, advice, and tips.

Hello,

We wanted to let you know that FCI Exchange, The Nation's Leading Note
Trading Platform is searching for real estate note owners interested in selling.

For additional Information refer to attched FCI Exchange Report

Remember FCI Exchange has thousands of buyers ready to act and
there are no charges until a note is purchased. We look forward to
working with you.

Subject lines used in the malicious email campaign include:

We sell Real Estate notes
Performing Notes Wanted
RE notes wanted

Attached to the emails is a ZIP file (typically called FCI_Exchange_Report_[random number].zip) which contains a malicious file designed to infect Windows computers.

Sophos security products are being updated to detect the malware as Troj/Dorkbot-BL (the emails are already being intercepted as spam).

Please remember to keep your wits about you, and never open unsolicited email attachments – it could be designed to infect your computer.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.