Spam campaign tricking users into installing malware capable of several damaging functions

bank transfer

A spam campaign posing as convincing bank transfer statements is tricking users into installing malware on their devices, malware that’s capable of several damaging functions.

According to cloud security firm CYREN, whose researchers discovered the spam campaign active this past week, the emails arrive with subject lines such as: “Online wire transfer payment notification,” “Payment update,” and “Swift copy.”

These spam emails inform users they received an international bank transfer, which they can review by opening the attached file, named “Swift copy,” with Swift referring to the SWIFT technology used in international bank transfers.

Researchers say that the emails come disguised as transfer statements from banks such as Emirates NDB (UAE and other countries) and DBS (Singapore and other countries).

Every time the user logs into his PC, the Visual Basic script will execute the filename.exe file.

In turn, the EXE file will install a keylogger on the user’s computer, and log both keypresses and mouse movements.


The author Paul