Malware: ‘Scan from a HP OfficeJet’ attack spammed out widely

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

printerSophosLabs is intercepting a widespread criminal campaign to infect innocent users’ computers. The attack has been spammed out widely, pretending to be an email containing a scan from an HP OfficeJet printer.

The precise wording used in the dangerous emails’ subject lines, message body and attachment names can vary – but here are some examples:

Malicious emails

Malicious emails

Sign up to our free newsletter.
Security news, advice, and tips.

You will get an idea about some of the variations from the following randomly selected examples:

Malicious emails

Subject Attached filename
Re: Fwd: Scan from a Hewlett-Packard Officejet 69087080 HP_Document_02-22_OFCJET99677.htm
Fwd: Re: Scan from a HP Officejet #43384897 HP_Scan_02-22_OFCJET67245.htm
Fwd: Re: Scan from a Hewlett-Packard Officejet #1584730 HP_Scan_02-22_OFCJET67107.htm
Re: Scan from a Hewlett-Packard Officejet 1206754 HP_Document_02-22_OFCJET94399.htm
Re: Fwd: Fwd: Scan from a Hewlett-Packard Officejet #886303 1.2 HP_Scan_02-23_OFCJET15517.htm
Re: Fwd: Fwd: Scan from a HP Officejet #75709542 HP_Scan_02-22_OFCJET53685.htm
Fwd: Re: Fwd: Scan from a Hewlett-Packard Officejet #128469 HP_Officejet_02-23_OFCJET71498.htm
Fwd: Re: Re: Scan from a Hewlett-Packard Officejet #662447 HP_Scan_02-23_OFCJET99544.htm
Re: Scan from a HP Officejet #49477094 HP_Officejet_02-22_OFCJET43520.htm
Fwd: Fwd: Scan from a Hewlett-Packard Officejet #885932 HP_Document_02-23_OFCJET29774.htm
Fwd: Fwd: Scan from a HP Officejet #09665907 HP_Document_02-22_OFCJET84014.htm

Sophos security products detect the attached files as Mal/Iframe-W, and just as with yesterday’s “Changelog” malware attack, a malicious script inside the HTM file is designed to make your browser visit third-party sites which may contain further malicious and exploit code.

Attacks which cloak their true intentions by posing as an emailed scan from a printer are nothing new, and in the past have helped cybercriminals infect computers with Java and Adobe exploits.

Computer users need to learn to be wary of unsolicited attachments, and not blindly click on something just because it pretends to be an official communication.

Up-to-date anti-virus and anti-spam protection is a good defence. But remember to augment it with a good serving of common sense too in order to reduce the chances of an attack being successful.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.