More UPS delivery malware spammed out via email

With apologies to Dooley Wilson..

# It’s still the same old story
A fight for love or glory
A case of do or die.
The world will always welcome spammers
As time goes by.. #

Yes, the oldies are the goldies, and so long as the public are still falling for tried-and-trusted tricks why should the hackers adopt new ones?

Here’s a malicious spam campaign that we’ve seen in large numbers in the last few hours. It’s modus operandi shouldn’t be any surprise to regular readers of the Clu-blog:

The emails read as follows:


We were not able to deliver postal package you sent on February the 23th in time because the recipient’s address is not correct.

Please print out the invoice copy attached and collect the package at our office.

Your United Postal Service

Attached to the email is a file,, which contains the malicious Troj/Inject-FG Trojan horse. But many users…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.