UPS delivery malware rears its ugly head again

Graham Cluley

It’s not a new technique for fooling people into opening a malicious attachment, but clearly the hackers still think it has some legs.

We’ve seen a lot of emails in our spamtraps today pretending to be a failed delivery report from UPS. The emails claim that UPS did not manage to deliver a package that you sent on February 23rd, because an incorrect destination address was specified.

All you have to do, says the dangerous email with the subject line “Delivery problems”, is open the attached invoice and contact your local UPS office.

Of course these emails aren’t from UPS at all, and opening the attached file ( is not a good idea at all, as it contains the Troj/Inject-FA Trojan horse…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.