Fake ‘Copy of Vodafone U.K Contract/Your Monthly Vodafone Bill is Ready/New MMS Received’ themed emails lead to malware

by

Share this news now.

Cybercriminals continue targeting U.K based Internet users in an attempt to trick them into thinking that they’ve received a legitimate email from Vodafone U.K. We’ve intercepted two, currently circulating, malicious spam campaign that once again impersonate Vodafone U.K, this time relying on a bogus “Copy of Vodafone U.K” themed messages, the ubiquitous ‘MMS Message Received‘ campaign, as well as the most recent ‘Your Monthly Vondafone Bill is Ready‘ theme.

More details:

Sample screenshots of the spamvertised emails:

Vodafone_UK_United_Kingdom_Fake_Contract_Shop_Email_Spam_Spamvertised_Malicious_Software_Malware_Social_Engineering

Fake_Email_Spam_Spamvertised_Malware_Malicious_Software_Social_Engineering_Vodafone_UK_United_Kingdom_Your_Bill_Is_Ready

Detection rates for the spamvertised malicious attachments:
MD5: a5bdeaadb002e12a38c9d354097f9a9a – detected by 30 out of 46 antivirus scanners as Backdoor.Win32.Androm.aehi; TrojanDownloader:Win32/Dofoil.R.
MD5: 6aeacb54d57cddff1b1b39d2d3b32140 – detected by 6 out of 47 antivirus scanners as Artemis!6AEACB54D57C; UDS:DangerousObject.Multi.Generic.
MD5: 3965d6f027812306ea953dbd0ac0bce0 – detected by 6 out of 47 antivirus scanners as Heuristic.BehavesLike.Win32.ModifiedUPX.C; Trojan/Win32.Tepfer.

The last sample marks its presence on the affected systems through the following Mutexes:
CTF.TimListCache.FMPDefaultS-1-5-21-1547161642-507921405-839522115-1004MUTEX.DefaultS-1-5-21-1547161642-507921405-839522115-1004
0B298A164743E1643757A7223C7E2D3470144646

All of these samples phone back to the same C&C server:
hxxp://37.139.47.159/fexco/com/index.php (37-139-47-159.clodo.ru, AS56534)

Webroot SecureAnywhere users are proactively protected from these threats.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.


Share this news now.
Fake 'Copy of Vodafone U.K Contract/Your Monthly Vodafone Bill is Ready/New MMS Received' themed emails lead to malware by