Malware spammed out as Facebook password change notification

Graham Cluley
Graham Cluley
@[email protected]

If you received an email from “Facebook Service” telling you that your password had been changed because a spam message had been sent from your account, would you believe it?

Well, cybercriminals certainly hope you would as they’re spamming out malicious emails today attempting to trick unsuspecting users into opening an attached Trojan horse.

Malicious email message

The messages look similar to the following:

Sign up to our free newsletter.
Security news, advice, and tips.


Facebook Service. Personal data has been changed! ID[random number]



Facebook Office. Your login details changed! ID[random number]


Facebook_details_ID[random number].zip

using different random numbers.

Message body:

Good afternoon

A Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it's automatic mail notification!

Thank you.
FaceBook Service.

Opening the attached file is obviously a very bad idea – as it will infect you with a Trojan horse that attempts to communicate with a website hosted in Russia.

Sophos products detect the Trojan horse as Troj/Agent-QAY, and the ZIP file which encloses it as Mal/BredoZp-B.

Hopefully most people wouldn’t fall for a scam like this, perhaps because they would notice the awkward use of language used in the email.

But with so many Facebook-addicts out there, I wonder how many people would panic at the thought of their password being changed and rashly click on the attachment without thinking.

Make sure that you keep your computer security up-to-date, and remain aware of the social engineering tricks used by cybercriminals to lure you into running their malware.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.