Cybercriminals have widely spammed out a malware campaign today, posing as a confirmation email about a wire transfer.
A typical email looks like this:
Subject: Fwd: Re: Wire Transfer Confirmation
Dear Bank Account Operator,
WIRE TRANSACTION: WIRE-[random number] CURRENT STATUS: REJECTED
You can find details in the attached file. (Microsoft Word format)
The precise subject line used by the emails can vary, as the below snapshot demonstrates:
Attached to the emails is a file called Transaction_N48823.zip (obviously the spammers could change this filename at any time) which contains an executable file.
Sophos is adding detection of the ZIP file as Troj/BredoZp-KQ and the Trojan horse contained within as Troj/Bredo-ZT. Users of Sophos’s anti-spam solutions were already protected.
Interestingly, in the example above, the malicious email claims to have come from Habbo Hotel – a…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.