Scan from a Xerox WorkCentre? Trojan attack spammed out widely

Xerox photocopierEmails claiming to come from a Xerox WorkCentre Pro photocopier have been spammed widely across the internet, containing a malicious file as an attachment.

Modern photocopiers don’t just copy your confidential documents, or see the downside of inebriated staff antics at the office party, they can also email you your documents these days.

Which makes them a possibly all-too-convincing disguise for today’s spammed-out malware campaign.

Although the precise wording varies from email to email, they all claim to be a scan (or sometimes a forwarded scan) from a Xerox WorkStation Pro.

Sign up to our free newsletter.
Security news, advice, and tips.

Scan from a Xerox WorkCentre Pro

Subject:

Scan from a Xerox WorkCentre Pro #[number]

Message body:

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.
Sent by: Guest
Number of Images: 1
Attachment File Type: ZIP [DOC]

WorkCentre Pro Location: machine location not set
Device Name: [random]

The names of attached files can vary but are along the lines of Xerox_Document_08.23_C11125.zip and Xerox_Scan_08.23_K1274.zip.

Sophos products have been intercepting the emails as spam, and will be detecting the attached file as the Troj/Dload-ID Trojan horse.

As always, be very careful opening unsolicited attachments – even if you do think at first that they could have been sent to you by one of the photocopiers in your office building.

This attack has been spammed out very aggressively – and it seems certain that some computer users may have fallen victim to it.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.