Spamvertised ‘Vodafone U.K MMS ID/Fake Sage 50 Payroll’ themed emails lead to (identical) malware

by

Share this news now.

We’ve intercepted two, currently circulating, malicious spam campaigns enticing users into executing the malicious attachments found in the fake emails. This time the campaigns are impersonating Vodafone U.K or pretending to be a legitimate email generated by Sage 50′s Payroll software.

More details:

Sample screenshot of the spamvertised email:

Email_Spam_Fake_Spamvertised_Malware_Malicious_Software_Social_Engineering_Payslip_Sage50

What’s particularly interesting about these two campaigns is the fact that they’ve both been launched by the same cybercriminal/gang of cybercriminals. Not only do the campaigns use an identical MD5 with two previously profiled malicious spam campaigns, but also, all the MD5s phone back to the same C&C server - hxxp://62.76.178.178/fexco/com/index.php

Detection rate for the unique MD5 used in the fake Vodafone U.K MMS themed campaign: 4e9d834fcc239828919eaa7877af49dd – detected by 8 out of 47 antivirus scanners as Backdoor.Win32.Androm.abrz; Troj/Agent-ACLZ.

Webroot SecureAnywhere users are proactively protected from this threat.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.


Share this news now.