spoofed DHL Shipment Notification delivers unknown malware — 19 Comments

  1. Hi there. I am usually good at recognising spam emails but a fake dhl one came to me just as I was expecting a delivery. I clicked on the tracking link.. it downloaded a .js to my downloads folder which I deleted immediately. I’m on a mac.. not sure if I have downloaded malware? I there anything I need to look out for or I can do?

    • if you didn’t Double Click or run the .js file you will be OK. The js files cannot autorun on download. They need to be manually run
      You should be safe on mac anyway as the downloaded malware is all windows specific at this time. Some javascript will run on a mac but won’t actually download anything. Even though the files are identified as .js files they are actually windows scripting files and contain commands that Macs don’t work with

    • Same here. Is it possible an HTML formatted email contains malicious JS code that autoruns if Apple mail is set to display HTML emails? Or maybe runs when clicking on a link within that email, even WITHOUT any further downloads? Thanks.

  2. I think I’ve been caught out today as, like others, I was expecting a large delivery so DHL seemed logical. I opened the email attachment, it downloaded then I tried to open the script like an idiot!!! It didn’t run asking me what program I wanted to use to run it. I have Sophos protection but now wondering if it’s done anything. So annoyed with myself 🙁 Any advice?

    • If you tried to open the script file, then it might have done something
      first download & run the Emsisoft emergency repair kit from the link in the sidebar, see what that finds ( if anything) If it comes clean then try ESET online scanner & see what that finds, If neither find anything then it is more than likely that you are fine & Sophos silently blocked it

  3. Hi I had an email come through last night and as I’m currently expecting a parcel I stupidly clicked on the supposed ‘tracker’ link. I don’t think it downloaded anything it just opened this document with loads of letters and code on which I closed immediately. As I am on my phone I am not sure if it downloaded anything please can you advise if you think by opening the tracker I’ll have the malware? Should I go to the Apple Store? Would appreciate any advise as I am really concerned I’ll now have a virus on my phone! Thank you!

    • If the document opened with loads of what looked like junk letters and numbers then you are safe. IPhone won’t normally run .js files, just open them as a plain text file which is harmless.

  4. Hi,
    Today I too received an email from DHL express containing a delivery report in .js file. I clicked the link by mistake in my iphone 7 mail client which redirected it to Safari. Nothing ran as such but only lines of scripts/words appeared in the browser. Should I be worried about it?

    Thank you

  5. DHL SCAM IS BACK. January 19, 2018 Just received a DHL pick-up notification spam email with two attatchments. This is the second one that I have received recently!
    I always check the recipient address which was ‘undisclosed-recipients’ and deleted it before opening any files. BEWARE!!

  6. I opened this a month or so ago, on my iphone if memory serves correctly and now the emails I send have the handle “DHLexpress.” How do I get this off my phone and laptop? It seems to ha e infected my whole network.

Leave a Reply

Your email address will not be published. Required fields are marked *