We’ve intercepted two, currently circulating, malicious spam campaigns enticing users into executing the malicious attachments found in the fake emails. This time the campaigns are impersonating Vodafone U.K or pretending to be a legitimate email generated by Sage 50′s Payroll software.
Sample screenshot of the spamvertised email:
What’s particularly interesting about these two campaigns is the fact that they’ve both been launched by the same cybercriminal/gang of cybercriminals. Not only do the campaigns use an identical MD5 with two previously profiled malicious spam campaigns, but also, all the MD5s phone back to the same C&C server - hxxp://18.104.22.168/fexco/com/index.php
Detection rate for the unique MD5 used in the fake Vodafone U.K MMS themed campaign: 4e9d834fcc239828919eaa7877af49dd – detected by 8 out of 47 antivirus scanners as Backdoor.Win32.Androm.abrz; Troj/Agent-ACLZ.
Webroot SecureAnywhere users are proactively protected from this threat.