{"id":349,"date":"2022-03-01T00:36:57","date_gmt":"2022-03-01T00:36:57","guid":{"rendered":"https:\/\/nftsgary.com\/?p=349"},"modified":"2022-03-01T00:36:57","modified_gmt":"2022-03-01T00:36:57","slug":"fake-oneposting-invoice-ready-to-view-malspam-delivers-dridex-banking-trojan","status":"publish","type":"page","link":"https:\/\/myonlinesecurity.co.uk\/fake-oneposting-invoice-ready-to-view-malspam-delivers-dridex-banking-trojan\/","title":{"rendered":"Fake OnePosting Invoice Ready To View Malspam Delivers Dridex Banking Trojan"},"content":{"rendered":"
The next in the never-ending series of malware downloaders is an email with the subject of OnePosting Invoice Ready to View pretending to come from SPECTUR LIMITED <members@onenewpost.com>. This eventually delivers the Dridex banking Trojan.<\/p>\n
They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers.<\/p>\n
SPECTUR LIMITED or oneposting.com have not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent victims in exactly the same way as every recipient of these emails.<\/p>\n
What has happened is that onenewpost.com has been set up by criminals to spread malware and imitate oneposting.com. onenewpost.com was registered on 4th September 2017 by a Chinese entity and is currently hosted on OVH.<\/p>\n
One of the emails looks like:<\/p>\n
From:<\/strong> SPECTUR LIMITED <members@onenewpost.com>
\nDate:<\/strong> Mon 04\/09\/2021 11:28
\nSubject:<\/strong> OnePosting Invoice Ready to View<\/p>\nBody content<\/strong>:<\/h3>\n
\n