Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Current Malware Campaigns in the Name of Apple, UPS and MoneyGram

Within the last few days, Commtouch Security Labs saw lots of malware campaigns of the same or at least a very similar type. The emails and notifications were sent in the name of big companies and brands. For further information the recipient should visit a certain website or open the email’s attachment – both ways led to malware.

Apple Store Gift Card

Today’s attack with the subject “Apple Store Gift Card” has a virus attachment as well as a malicious link in the message body. It is being detected by eight anti virus engines at the moment.


The included URL leads to a compromised site which has links to two different Javascript imports on other compromised servers. These codes redirect to a third level, where the actual malicious code is hosted. The final redirection analysis by VirusTotal shows that the site is already listed as malicious by a few vendors.

Notifications by UPS and MoneyGram

On Tuesday Commtouch detected a virus outbreak with fake notifications from UPS, subject: “UPS parcel notification”.

130807_UPS - nicht getwittert

The included link lead to a trojan (Commtouch: W32/Trojan.HATG-6756) as well as the attached zip document.

At the same time there has been another fake notification campaign in the name of DPD, a big logistic company in Germany, written in German and targeting German users:


It has almost the same content as the UPS samples: The addressee is informed about the exact delivery time of a pretended consignment. But in case they cannot make it, they have the chance to reschedule the time by using the attached formula (zip document) – which contains malware as well.

On Monday Commtouch reported a virus outbreak with fake notifications sent by MoneyGram:


In some of the samples Commtouch Security Labs saw, the transaction sum varied a bit – comparable to the varying amount of the Apple Store Gift Cards ($300 versus $200).

Spammers love to recycle

These at first sight different campaigns show that spammers are intrested in “recycling” their malware – in all cases the URL links and malicious attachments lead to the same type of trojan. They just choose new subjects and brands. The fact that comparable malware campaigns are targeted at different countries and regions at the same time supports the result of Commtouch’s Q2 Internet Threats Trend Report: the strong increase in regionalized malware distribution.

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...