Cybercriminals are currently impersonating T-Mobile U.K, in an attempt to trick its customers into downloading a bogus billing information report. Upon execution, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign complete access to the infected PC.
Sample screenshot of the spamvertised email:
Sample detection rate for the malicious executable: MD5: b0d4dad91f8e56caa184c8ba8850a6bd – detected by 35 out of 44 antivirus scanners as Worm:Win32/Gamarue
That’s the same MD5 that was served in the recently profiled “Bogus DHL ‘Express Delivery Notifications’ serve malware” malicious campaign, indicating a (thankfully) low QA (Quality Assurance) on behalf of the cybercriminals behind the campaign who didn’t bother introducing a new malware variant.
Webroot SecureAnywhere users are proactively protected from this threat.