{"id":11509,"date":"2022-04-11T09:12:40","date_gmt":"2022-04-11T09:12:40","guid":{"rendered":"https:\/\/myonlinesecurity.co.uk\/?p=11509"},"modified":"2023-04-04T10:02:05","modified_gmt":"2023-04-04T10:02:05","slug":"java-adwind-trojans-via-fake-transaction-malspam-emails","status":"publish","type":"page","link":"https:\/\/myonlinesecurity.co.uk\/java-adwind-trojans-via-fake-transaction-malspam-emails\/","title":{"rendered":"Java Adwind Trojans Via Fake Transaction Malspam Emails"},"content":{"rendered":"
Overnight we received 2 separate sets of malspam emails, both eventually leading to the same Java Adwind Trojan.<\/p>\n
They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers.<\/p>\n
Neither of the companies listed appears to have been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent victims, in exactly the same way as every recipient of these emails.<\/p>\n
The first one of the emails has a blurry image embedded that is supposed to persuade you to open the zip and see the transactions, looks like:<\/p>\n
From:<\/strong> gccremittance@emirates.net.ae<\/p>\n
Date:<\/strong> Tue 19\/07\/2021 23:33<\/p>\n
Subject:<\/strong> Pending Sendout Transaction<\/p>\n
Attachment:<\/strong> Sendout-Copy.zip<\/p>\n
kindly find attached listed trasactions for amendment,please do the corrections and send back to us. thanks<\/em><\/p>\n
Update:<\/strong> I am also getting some of these Pending Sendout Transaction emails coming through pretending to come from amirmuhammed@almuzaniexchange.ae<\/p>\n
The second email looks like:<\/p>\n
From:<\/strong> lariex@qatar.net.qa<\/p>\n
Date:<\/strong> Wed 20\/07\/2021 01:06<\/p>\n
Subject:<\/strong> Confirm To Release<\/p>\n
Attachment:<\/strong> Sendout-Report.rar<\/p>\n
Dear Sir\/Ma Please confirm attached transactions we got from your branch.. We have attached 2 different transfers in total of 300,750. We need you to confirm these transactions before they are released. Please Kindly Confirm Urgently. Thanks & Regards. LARI EXCHANGE CO. Main Branch DOHA ? SOUK AHMED BIN ALI PB No. 280, DOHA ? QATAR Tel . +974-4419010, +974-4419020 Fax. +974-4412224 Email : lariex@qatar.net.qa<\/em><\/p>\n
These malicious attachments normally have a password-stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP (web space) login credentials. Many of them are also designed to specifically steal your Facebook and other social network login details. A very high proportion are Ransomware versions that encrypt your files and demand money (about \u00a3350\/$400) to recover the files.<\/p>\n
All the alleged senders, amounts, reference numbers, bank codes, companies, names of employees, employee positions, email addresses and phone numbers mentioned in the emails are random. Some of these companies will exist and some won\u2019t. 
Don\u2019t try to respond by phone or email, all you will do is end up with an innocent person or company who have had their details spoofed and picked at random from a long list that the bad guys have previously found. The bad guys choose companies, Government departments and organisations with subjects that are designed to entice you or alarm you into blindly opening the attachment or clicking the link in the email to see what is happening.<\/p>\nBody Content:<\/strong><\/h3>\n
Screenshot:<\/strong><\/h3>\n
Body Content:<\/strong><\/h3>\n