Back End News


Trend Micro discovers spam campaign delivering malware to emails connected with banks

By Marlet D. Salazar on September 7, 2018

Cybersecurity and defense company Trend Micro recently discovered a spam campaign that targets emails connected with banks. The malware downloader is disguised with a file extension most banks use: .WIZ, or Wizard files, which financial institutions use to send billing statements.

In its article, Trend Micro said its security researchers detected the .WIZ file as W2KM_DLOADER.WIZ and a .PDF file as PDF_MDROP.E. These two then drop a backdoor payload that spreads the malware.

The backdoor can execute commands including “PowerShell and file system commands, code injection, uploading and downloading files, and using and purging Kerberos tickets, among others.” It can also steal information stored on the victim’s computer, such as “computer name, IP address, OS system, and username, and malware process ID.”

The files trick the users into performing “intricate or repetitive documents or tasks in Microsoft programs” once they access the malicious .WIZ files.

Threat actors attach a fake invoice with a .WIZ file extension, just as banks send statements and billings. Unsuspecting users will, of course, click on the attachment to see their monthly statement, and when they do, they unknowingly download the payload onto their network system.

When it comes to the .PDF file extension, criminals send bogus flight booking information. When users open the malicious file “the JavaScript inside opens an embedded .PUB file. The .PUB file hosts malicious macros that will then download a portable executable file from a malicious website.”

After further analysis, Trend Micro researchers found that the .WIZ and .PUB spam email attachments had the same malicious macro.

According to the Trend Micro researchers, the so-called malspam has links to another downloader called Marap, which has “modular features that allow cybercriminals to download other modules and payloads on affected machines.” They said the two have an identical X-Originating-IP, but while the older spam has an .IQY extension, the latest one uses .WIZ and .PDF.

Trend Micro reports that users hit by this spam campaign reside in India, Italy, and Taiwan.
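For mail administrators, the attachment types and the X-Originating-IP link described above translate into a simple gateway triage check. The sketch below is an added example, not Trend Micro's detection logic or code from the article: it flags .WIZ, .PUB and .IQY attachments and PDFs that carry both JavaScript and an embedded file, then groups flagged mail by X-Originating-IP. The sample messages, addresses and IPs are constructed test data, and the PDF marker check is an assumed heuristic.

```python
import os
from collections import defaultdict
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions the article names for this campaign and the older wave.
RISKY_EXT = {".wiz", ".pub", ".iqy"}

def triage(raw: bytes) -> dict:
    """Return the sender's X-Originating-IP and why each attachment was flagged."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        data = part.get_payload(decode=True) or b""
        if ext in RISKY_EXT:
            findings.append((name, f"attachment type {ext}"))
        # Heuristic only: compressed PDF object streams can hide these markers.
        elif data.startswith(b"%PDF") and b"/JavaScript" in data and b"/EmbeddedFile" in data:
            findings.append((name, "PDF with JavaScript and embedded file"))
    origin = (msg.get("X-Originating-IP") or "").strip("[] ")
    return {"origin_ip": origin, "findings": findings}

def cluster_by_origin(raw_messages) -> dict:
    """Group flagged attachments by X-Originating-IP to link related waves."""
    clusters = defaultdict(list)
    for raw in raw_messages:
        result = triage(raw)
        if result["findings"] and result["origin_ip"]:
            clusters[result["origin_ip"]].extend(result["findings"])
    return dict(clusters)

def make_sample(origin_ip: str, filename: str, payload: bytes) -> bytes:
    """Build a constructed test message (not real campaign mail)."""
    m = EmailMessage()
    m["From"], m["To"] = "billing@example.test", "user@example.test"
    m["X-Originating-IP"] = f"[{origin_ip}]"
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

PDF = b"%PDF-1.4\n<< /Names << /JavaScript 2 0 R >> >>\n<< /Type /EmbeddedFile >>\n%%EOF"
SAMPLES = [
    make_sample("192.0.2.10", "invoice.wiz", b"constructed document body"),
    make_sample("192.0.2.10", "booking.pdf", PDF),
    make_sample("198.51.100.7", "notes.txt", b"benign text"),
]
if __name__ == "__main__":
    print(cluster_by_origin(SAMPLES))
```

Two differently themed lures arriving from the same originating IP land in one cluster, which is the kind of overlap the researchers used to tie this campaign to the earlier one.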
