Malware attack targets German internet users

.de domain. Image from ShutterstockDo you remember the spammed-out malware attack which appeared to be targeting French speakers last week with its offer of très sexy photos from a Gallic admirer?

Well, now it seems that German internet users are in the targets of cybercriminals.

A malware campaign has been sent out, seemingly just to email addresses ending in “.de”, claiming that photos of the recipient can be found in the attached file.

Those with a curious disposition might find it hard to resist clicking on the attachment to find out more.

Sign up to our free newsletter.
Security news, advice, and tips.

Here are just a small selection of the examples we have intercepted in our spam traps:

Malicious email

Subject: Fwd: Deine Fotos

Message body:
Hi,
deine Fotos findest du im Anhang (Internet Explorer format)

MfG,
[NAME]

You’ll notice that the emails have forged “from:” addresses. Presumably the masterminds of the malware campaign are hoping that some users might be more likely to open emails that pretend to come from LinkedIn..

Malicious email

.. or Habbo Hotel.

Malicious email

Attached to each of the emails is a file, called DCIM.htm, which is detected by Sophos products as Troj/Redir-P.

The file (which users are encouraged by the email to open using Internet Explorer) attempts to contact a Russian website known to contain malware.

Remember to always be suspicious of unsolicited messages, even if they arrive in your native language.

.DE domain image from Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.