Western Union malware attack rides into inboxes

Our labs are seeing a stampede of emails claiming to come from Western Union’s support team, but are actually carrying a malicious payload in the form of a Trojan horse.

Malicious email claiming to come from Western Union

The emails, which pretend to have been sent from [email protected], have subject lines such as

Western Union Transfer MTCN: 2048922446

Sign up to our free newsletter.
Security news, advice, and tips.

(note that the number is randomly generated) and contain the following message:

The money transfer you have sent on the 1st of April wasn't collected by the recipient.
According to the Western Union regulation the transfers which are not collected in 15 days are to be returned to sender. To collect cash you need to print the invoice attached to this email and visit the nearest Western Union branch.

Attached to the spammed-out emails is a file called WesternUnion_SPL90710021.zip, which, unbeknownst to the unsuspecting recipient, contains a malicious Trojan horse called Troj/Agent-JZY.

Do you really want to fall for a hacker’s trick? Do you want to install code on your computer which could potentially steal your identity, turn your PC into a spam-spewing factory or hand over the reins to a remote hacker who can command your computer to do anything he wants?

I thought not.

So don’t fall for electronic con-tricks like this one – use your common sense. If you haven’t sent any money via Western Union, then why would they be telling you it failed to be delivered properly?

Common sense is your friend. It’s just such a shame that it doesn’t seem to be very common.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.