Cyren Security Blog

Current Malware Campaigns in the Name of Apple, UPS and MoneyGram

Within the last few days, Commtouch Security Labs saw many malware campaigns of the same or at least a very similar type. The emails and notifications were sent in the name of big companies and brands. For further information, the recipient was told to visit a certain website or open the email’s attachment; both ways led to malware.

Apple Store Gift Card

Today’s attack with the subject “Apple Store Gift Card” has a virus attachment as well as a malicious link in the message body. It is being detected by eight antivirus engines at the moment.

The included URL leads to a compromised site that links to two different JavaScript imports on other compromised servers. These scripts redirect to a third level, where the actual malicious code is hosted. The final redirection analysis by VirusTotal shows that the site is already listed as malicious by a few vendors.

Notifications by UPS and MoneyGram

On Tuesday, Commtouch detected a virus outbreak with fake notifications from UPS, subject: “UPS parcel notification”.

Both the included link and the attached zip document led to a trojan (Commtouch: W32/Trojan.HATG-6756).

At the same time there was another fake notification campaign in the name of DPD, a large logistics company in Germany, written in German and targeting German users.

It has almost the same content as the UPS samples: the addressee is informed about the exact delivery time of a supposed consignment. If they cannot be there at that time, they are offered the chance to reschedule by using the attached form (zip document), which contains malware as well.

On Monday, Commtouch reported a virus outbreak with fake notifications sent in the name of MoneyGram.

In some of the samples Commtouch Security Labs saw, the transaction sum varied a bit – comparable to the varying amount of the Apple Store Gift Cards ($300 versus $200).

Spammers love to recycle

These campaigns look different at first sight, but they show that spammers are interested in “recycling” their malware: in all cases the URL links and malicious attachments lead to the same type of trojan. The spammers just choose new subjects and brands. The fact that comparable malware campaigns are targeted at different countries and regions at the same time supports the result of Commtouch’s Q2 Internet Threats Trend Report: the strong increase in regionalized malware distribution.
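
One way a mail analyst could surface this kind of recycling, as an added example that is not from the original post: group messages by attachment hash and report payloads that arrive under more than one subject. The messages, payload bytes, filenames and the "Meeting notes" subject are constructed placeholders, and exact SHA-256 matching is a simplifying assumption (repacked variants of the same trojan family would need family labels or fuzzy hashing instead).

```python
import hashlib
from collections import defaultdict
from email import message_from_string, policy
from email.message import EmailMessage

def build_sample(subject: str, filename: str, payload: bytes) -> str:
    """Construct a sample message (placeholder data, not a real campaign email)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "notify@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(payload, maintype="application", subtype="zip",
                       filename=filename)
    return msg.as_string()

def attachment_hashes(raw: str) -> list:
    """Return (subject, sha256) for every attachment in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    out = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        out.append((str(msg["Subject"]), hashlib.sha256(data).hexdigest()))
    return out

def recycled_payloads(raw_messages: list) -> dict:
    """Map attachment hash -> subjects, keeping hashes seen under 2+ subjects."""
    by_hash = defaultdict(set)
    for raw in raw_messages:
        for subject, digest in attachment_hashes(raw):
            by_hash[digest].add(subject)
    return {h: s for h, s in by_hash.items() if len(s) > 1}

# Constructed samples: two placeholder payloads under three lure subjects.
PAYLOAD_A = b"PK\x03\x04 constructed placeholder A"
PAYLOAD_B = b"PK\x03\x04 constructed placeholder B"
SAMPLES = [
    build_sample("Apple Store Gift Card", "gift_card.zip", PAYLOAD_A),
    build_sample("UPS parcel notification", "ups_label.zip", PAYLOAD_A),
    build_sample("Meeting notes", "notes.zip", PAYLOAD_B),
]

if __name__ == "__main__":
    for digest, subjects in recycled_payloads(SAMPLES).items():
        print(digest[:16], sorted(subjects))
```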
