Overnight we have seen another mass Japanese Malspam campaign with a change to the malware downloaders delivering some sort of malware that is being detected on VirusTotal as a ransomware. I am not certain that is a correct detection. This gang traditionally deliver Ursnif / Gozi banking Trojan and it has … Continue reading →
Following on from this post about Japanese Language invoice malspam delivering Ursnif, we are currently seeing another Japanese campaign about damaged photos. These contact the same sites as mentioned in the other post to download the same malware version. 48336.doc Current Virus total detections: Payload Security Which is still showing the same … Continue reading →
It looks like the Japanese malspams are still continuing to deliver Ursnif /Gozi / ISFB banking Trojans. This one is yet another fake invoice email with the subject of 請求書添付書類について (About invoice attachment documents) , pretending to come from random Japanese email addresses with a malicious Excel XLS attachment that contains macros … Continue reading →
Still sticking with Japanese malspams downloaders delivering or trying to deliver Ursnif /Gozi / ISFB banking Trojan is yet another email with the subject of Re: [お振込口座変更のご連絡 Re: [Notice of transfer account change , pretending to come from random Japanese email addresses with a malicious word doc attachment that contains … Continue reading →
Yet another in the never ending series of Japanese language malspam malware downloaders delivering Ursnif /Gozi / ISFB banking Trojan is this email with the subject of 請求書 (invoice). These emails are coming in slightly malformed and outlook doesn’t want to open them or display them properly. This might be a language … Continue reading →
Back to the never ending series of Japanese language malspam malware downloaders delivering Ursnif /Gozi / ISFB banking Trojan is yet another email with the subject of 請求書を添付 (Attach invoice). These emails are coming in slightly malformed and outlook doesn’t want to open them or display them properly. This might be … Continue reading →
A slightly different one today and I am not sure how many recipients will be infected by this. On my server, some are being delivered with the word doc attachment, but about half are just getting the email body with an HTML attachment which has the same details as the email body and … Continue reading →
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.
