Fake Amazon Marketplace invoice emails deliver ransomware via Necurs botnet

Haythem Elmir

The Necurs botnet has changed again today and appears to be delivering yet another ransomware version. I think today’s malware is some sort of  ransomware but I am not 100% sure. I am seeing mixed results whether it is ransomware or Trickbot, so it could well be “one of them files” that delivers different versions according to your IP address & country.

Update: I am informed that this is definitely Trickbot banking trojan, not ransomware, although several antiviruses are detecting it as a ransomware version.

An email with the subject of Invoice RE-2017-12-12-00572 ( random numbers after the date)  pretending to come from  Amazon Marketplace <lqftdwbmxYYfT@marketplace.amazon.com> ( random characters before the @ ) with a malicious word doc attachment  delivers what looks like some sort of ransomware

They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

Remember many email clients, especially on a mobile phone or tablet,  only show the Name in the From:  and not the bit in <domain.com >. That is why these scams and phishes work so well.

To read the original article:



Laisser un commentaire

Next Post

"Blue Whale Challenge", le jeu qui pousse les adolescents au suicide

C’est un jeu morbide, devenu viral sur les réseaux sociaux, notamment en Tunisie Blue Whale Challenge ou « Challenge de la baleine bleu » n’a pas de limite. Il consiste à réaliser une série de 50 défis, jusqu’au cinquantième : le suicide. Les responsable tirent la sonnette d’alarme: le jeu de quête […]