Back End News

Enterprise and Consumer Technology


Trend Micro discovers spam campaign delivering malware to emails connected with banks

By Marlet D. Salazar on September 7, 2018

Cybersecurity and defense company Trend Micro recently discovered a spam campaign that targets emails connected with banks. The malware downloader is disguised with a file extension most banks use: .WIZ, or Wizard files, which financial institutions use to send billing statements.

In its article, Trend Micro said its security researchers detected the .WIZ file as W2KM_DLOADER.WIZ and the .PDF file as PDF_MDROP.E. These two then drop a backdoor payload that spreads the malware.

The backdoor can execute commands including “PowerShell and file system commands, code injection, uploading and downloading files, and using and purging Kerberos tickets, among others.” It can also steal information stored on the victim’s computer such as “computer name, IP address, OS system, and username, and malware process ID.”

The files trick the users into performing “intricate or repetitive documents or tasks in Microsoft programs” once they access the malicious .WIZ files.

Threat actors attach a fake invoice with a .WIZ file extension, just like how banks send statements and billings. Unsuspecting users will, of course, click on the attachment to see their monthly statement, and when they do, they unknowingly download the payload onto their network system.

In the case of the .PDF file extension, criminals send bogus flight booking information. When users open the malicious file, “the JavaScript inside opens an embedded .PUB file. The .PUB file hosts malicious macros that will then download a portable executable file from a malicious website.”

After further analysis, Trend Micro researchers found that the .WIZ and .PUB spam email attachments had the same malicious macro.

According to the Trend Micro researchers, the so-called malspam has links to another downloader called Marap, which has “modular features that allow cybercriminals to download other modules and payloads on affected machines.” They said the two have an identical X-Originating-IP, but while the older spam has an .IQY extension, the latest one uses .WIZ and .PDF.

Trend Micro reports that users hit by this spam campaign reside in India, Italy, and Taiwan.
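As an added illustration (not code from Trend Micro or from this article), the following Python sketch shows how a mail gateway could triage the attachment types described above: it flags .WIZ, .IQY and .PUB attachments, flags PDFs that carry both JavaScript and an embedded file, and records the X-Originating-IP header for correlation. The function names, the sample message and its addresses are constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article names as carriers for the macro downloader.
RISKY_EXT = {".wiz", ".iqy", ".pub"}
# Plain PDF name tokens only; hex-escaped names or compressed object
# streams would need a real PDF parser.
PDF_SCRIPT = (b"/JavaScript", b"/JS")
PDF_EMBED = b"/EmbeddedFile"


def triage(raw: bytes) -> dict:
    """Return the X-Originating-IP header and a list of (filename, reason)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePosixPath(name.lower()).suffix
        data = part.get_payload(decode=True) or b""
        if ext in RISKY_EXT:
            findings.append((name, f"blocked extension {ext}"))
        elif ext == ".pdf" or data.startswith(b"%PDF"):
            has_js = any(token in data for token in PDF_SCRIPT)
            if has_js and PDF_EMBED in data:
                findings.append((name, "PDF with JavaScript and embedded file"))
    return {"x_originating_ip": msg.get("X-Originating-IP"), "findings": findings}


def build_sample() -> bytes:
    """Constructed test message; addresses, IP and payloads are placeholders."""
    m = EmailMessage()
    m["From"], m["To"] = "billing@example.com", "user@example.org"
    m["Subject"] = "Invoice"
    m["X-Originating-IP"] = "[192.0.2.10]"
    m.set_content("See attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="invoice.wiz")
    m.add_attachment(b"%PDF-1.4\n1 0 obj<</S/JavaScript/JS(x)>>\n"
                     b"2 0 obj<</Type/EmbeddedFile>>\n%%EOF",
                     maintype="application", subtype="pdf",
                     filename="booking.pdf")
    m.add_attachment("hello", filename="notes.txt")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

Messages that share an X-Originating-IP value with an earlier flagged message can be grouped for review, which is the same header the researchers used to link the two spam runs.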

Categories: News

Tagged as: Cybersecurity, Malware, Spam Email

Copyright Back End News 2021

Categories

  • Top categories: News
Contact | |