Malicious messages of love spammed out by hackers

Graham Cluley
Graham Cluley @

 @grahamcluley.com
 / grahamcluley

Heart stethoscope
You should be wary of unsolicited messages of love that arrive in your email inbox. That’s the warning I’m issuing following a malicious campaign orchestrated by cybercriminals that is hitting email systems around the world as I type.

Emails which use a variety of romantic subject lines and message bodies are designed to tempt unwary users into opening the attached file.

However, opening the file (which is named open.zip) could lead to your computer becoming infected by malware, which could give hackers access to your PC.

Subjects used in the attacks include:

Sign up to our free newsletter.
Security news, advice, and tips.
  • You make me... a very happy...my love
  • I think... our relationship is beautiful.
  • This love note is very happy thought, and it is so true.
  • I love... to hold you in my arms.
  • I love you...I love us.
  • I long... to be near you.
  • When I am with you, ... I never want to leave.
  • You don't have to be perfect, to be perfect for me.
  • Always... thinking of you.
  • Your love has made me... wealthy beyond my dreams.
  • I love... our love.
  • If I don't romance you, If I don't adore you, If I don't cherish you... I don't deserve you.
  • You... have Wowed me from the very beginning.
  • This love note is very happy thought, and it is so true.

Messages inside the emails follow similar lines, and it appears that the criminals behind the campaign are altering the phrases by adding dots and pauses in an attempt to defeat the more rudimentary filters that some might deploy.

Sophos detects the malware proactively as Mal/BredoZp-B and Mal/FakeAV-DH.

Users of other security products would be wise to check that their software is capable of detecting this threat, as it’s only to easy to imagine how someone could be tempted by the romantic message to open the malicious attachment.

In the past, messages of love have been an all too successful disguise for hackers attempt to spread their attacks via email. It’s hard to believe that it’s almost ten years since the infamous “ILOVEYOU” worm (also known as the Love Bug) crippled email systems worldwide which what pretended to be a love letter.

Graham Cluley
Graham Cluley

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on LinkedIn, Bluesky and Mastodon, or drop him an email.

You may also like...

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.