Western Union malware attack rides into inboxes

Our labs are seeing a stampede of emails claiming to come from Western Union’s support team, but are actually carrying a malicious payload in the form of a Trojan horse.

The emails, which pretend to have been sent from [email protected], have subject lines such as

Western Union Transfer MTCN: 2048922446

(note that the number is randomly generated) and contain the following message:

The money transfer you have sent on the 1st of April wasn’t collected by the recipient.
According to the Western Union regulation the transfers which are not collected in 15 days are to be returned to sender. To collect cash you need to print the invoice attached to this email and visit the nearest Western Union branch

Attached to the spammed-out emails is a file called WesternUnion_SPL90710021.zip, which, unbeknownst to the unsuspecting recipient, contains a malicious Trojan horse called…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.