Vodafone MMS email spam spreads malware

Graham Cluley
Graham Cluley
@[email protected]

EmailDo you own a mobile phone?

Is your mobile phone on the Vodafone cellphone network?

If so, you could be a prime target for infection by a new malware attack that has been distributed widely via email across the internet.

The attack, which SophosLabs has intercepted in its global network of email spam traps, poses as a notification about a MMS message that has purportedly sent to the recipient’s mobile phone.

Sign up to our free newsletter.
Security news, advice, and tips.

Here’s what a typical email looks like:

Malicious email claiming to come from Vodafone

Subject: You have received a new message
Attached file: Vodafone_MMS-uk.zip

Message body:

You have received a picture message from mobile number +447775226358
To save this picture, please save attached file.

Inside the ZIP file is a malicious program (Vodafone_MMS-uk.jpeg.exe), detected by Sophos products as Troj/Agent-YXP.

The program’s use of a double extension (.jpeg.exe) is clearly a ruse to try to trick people (especially those who have told Windows to hide file extensions) into believing that the file sent to them is a genuine JPEG image rather than malware.

Of course, the messages do not really come from Vodafone. The malicious hackers have simply forged the email headers in an attempt to make their boobytrapped message look more authentic.

And, of course, it would be trivial for the cybercriminals to change their message to make it appear as though it came from another mobile phone network, rather than Vodafone.

The malware is designed to infect Windows computers rather than mobile phones, but human nature being what it is there would be no surprise if some people opened the emails when it arrives on their computer, or forwarded it from their mobile phone to a Windows PC in an attempt to view the supposed picture.

Remember – you should always be suspicious of unsolicited messages, especially when they encourage you to open an attachment or click on a link. Cybercriminals are masters of using your natural curiousity against you, hoping to trick you into infecting your computer.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.