UPS delivery malware rears its ugly head again

It’s not a new technique for fooling people into opening a malicious attachment, but clearly the hackers still think it has some legs.

We’ve seen a lot of emails in our spamtraps today pretending to be a failed delivery report from UPS. The emails claim that UPS did not manage to deliver a package that you sent on February 23rd, because an incorrect destination address was specified.

All you have to do, says the dangerous email with the subject line “Delivery problems”, is open the attached invoice and contact your local UPS office.

Fake UPS Delivery email carrying malware

Of course these emails aren’t from UPS at all, and opening the attached file (Invoice_8612112.zip) is not a good idea at all, as it contains the Troj/Inject-FA Trojan horse.

Sign up to our free newsletter.
Security news, advice, and tips.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.