WorldPay card transactions carry malware danger

Cybercriminals are up to their old tricks again, disguising their Trojan horses by spamming them out attached to emails claiming to come from legitimate organizations.

Today one of the malware campaigns we are seeing pose as communications from WorldPay, claiming that your credit card has been charged on behalf of Amazon.

Malicious email claiming to come from WorldPay

The emails have the subject line “WorldPay CARD transaction Confirmation”, and part of the email message reads:

Sign up to our free newsletter.
Security news, advice, and tips.

Your transaction has been processed by WorldPay, on behalf of Amazon Inc. The invoice file is attached to this message. This is not a tax receipt. We processed your payment. Amazon Inc has received your order, and will inform you about delivery.

Malicious attachment
Of course, if you haven’t bought anything on Amazon lately you might be all too tempted to click on the attached file (named WorldPay_CONFR.zip).

Which would be a mistake, of course, because it contains a copy of the Troj/Agent-JUC Trojan horse.

This is far from the first time that hackers have used a scam like this, and it won’t be the last.

The message, as always, is to be on your guard and think twice before opening an unsolicited email attachment.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.