Fake HMRC REF: Notification of payment collection malspam delivers Smoke loader which downloads Trickbot Banking Trojan

Haythem Elmir

This example is an email with the subject “REF: Notification of payment collection” that pretends to come from HMRC but actually comes from a look-alike or typo-squatted domain, <noreply@notificationsemailgovuk033.top>, with a malicious Word doc attachment. It is today’s latest spoof of a well-known company, bank or public authority delivering the Trickbot banking Trojan. The initial Word doc downloads Smoke Loader, which in turn downloads other malware, including the Trickbot banking Trojan. Since this was posted, several analysts have looked at this “new” version of Trickbot and discovered that it now includes a Monero mining component alongside its bank account and password stealing capabilities. http://malware-traffic-analysis.net/2018/02/01/index.html has a good write-up on it.
In the UK it is the time of year when we all have to do our tax returns and will get correspondence from HMRC telling us how much to pay. Be very wary of any email saying it is from HMRC. They normally do everything by letter, not by email with Word attachments.
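A mail-filter check for the pattern described above, added here as an example and not taken from the original article. The brand tokens, the gov.uk suffix rule, the reason labels and the sample messages are assumptions constructed for this illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

BRAND_TOKENS = ("hmrc", "govuk")   # assumption: tokens chosen for this example
OFFICIAL_SUFFIX = "gov.uk"         # assumption: genuine senders sit under gov.uk
WORD_EXTS = (".doc", ".docx", ".docm", ".rtf")

def squash(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def is_official(domain):
    # Require a label boundary so "fakegov.uk" does not pass as gov.uk.
    return domain == OFFICIAL_SUFFIX or domain.endswith("." + OFFICIAL_SUFFIX)

def is_lookalike(domain):
    """True when a non-gov.uk domain embeds a brand token, e.g. '...govuk033.top'."""
    return not is_official(domain) and any(t in squash(domain) for t in BRAND_TOKENS)

def triage(msg):
    """Return the list of reasons a message looks like HMRC impersonation."""
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    reasons = []
    if is_lookalike(domain):
        reasons.append("lookalike-domain")
    elif not is_official(domain) and any(t in squash(name) for t in BRAND_TOKENS):
        reasons.append("display-name-impersonation")
    # A Word attachment only adds weight once an impersonation signal exists.
    names = [part.get_filename() or "" for part in msg.walk()]
    if reasons and any(n.lower().endswith(WORD_EXTS) for n in names):
        reasons.append("word-attachment")
    return reasons

def build_sample(from_hdr, filename=None):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["From"] = from_hdr
    msg["Subject"] = "REF: Notification of payment collection"
    msg.set_content("Constructed body text.")
    if filename:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="msword", filename=filename)
    return msg

if __name__ == "__main__":
    spoof = build_sample("HMRC <noreply@notificationsemailgovuk033.top>", "payment.doc")
    print(triage(spoof))
```

The check is a triage heuristic: it complements SPF, DKIM and DMARC evaluation and attachment sandboxing, and does not replace them.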

To read the original article: https://myonlinesecurity.co.uk/fake-hmrc-ref-notification-of-payment-collection-malspam-delivers-smoke-loader-which-downloads-trickbot-banking-trojan/
