Back End News

Enterprise Technology – Business, Cloud, Cybersecurity, IoT

Cybersecurity

Trend Micro discovers spam campaign delivering malware to emails connected with banks

By Marlet D. Salazar on September 7, 2018

Cybersecurity and defense company Trend Micro recently discovered a spam campaign that targets email addresses connected with banks. The malware downloader is disguised with a file extension most banks use: .WIZ, or Wizard files, which financial institutions use to send billing statements.

In its article, Trend Micro said its security researchers detect the .WIZ file as W2KM_DLOADER.WIZ and the .PDF file as PDF_MDROP.E. The two then drop a backdoor payload that spreads the malware.

The backdoor can execute commands including “PowerShell and file system commands, code injection, uploading and downloading files, and using and purging Kerberos tickets, among others.” It can also steal information stored on the victim’s computer such as “computer name, IP address, OS system, and username, and malware process ID.”

The files trick users into performing “intricate or repetitive documents or tasks in Microsoft programs” once they access the malicious .WIZ files.

Threat actors attach a fake invoice with a .WIZ file extension, just as banks send statements and billings. Unsuspecting users click on the attachment to see their monthly statement and, when they do, unknowingly download the payload onto their network system.

For the .PDF file extension, criminals send bogus flight booking information. When users open the malicious file “the JavaScript inside opens an embedded .PUB file. The .PUB file hosts malicious macros that will then download a portable executable file from a malicious website.”

After further analysis, Trend Micro researchers found that the .WIZ and .PUB spam email attachments had the same malicious macro.

According to the Trend Micro researchers, the so-called malspam has links to another downloader called Marap, which has “modular features that allow cybercriminals to download other modules and payloads on affected machines.” They said the two have an identical X-Originating-IP, but while the older spam has an .IQY extension, the latest one uses .WIZ and .PDF.

Trend Micro reports that users hit by this spam campaign reside in India, Italy, and Taiwan.
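
A mail-gateway triage check for the attachment patterns described above, as an added example that is not from Trend Micro or the original article: it flags .WIZ, .PUB and .IQY attachments, flags PDFs that carry both JavaScript and an embedded file, and extracts the X-Originating-IP header for correlation. The function names, the sample message and the token-based PDF check are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article names for this campaign and the older Marap-linked spam.
RISKY_EXTENSIONS = {".wiz", ".pub", ".iqy"}
# PDF name tokens for script actions and embedded files (coarse triage only:
# it misses names hidden by hex escapes or compressed object streams).
PDF_SCRIPT_TOKENS = (b"/JavaScript", b"/JS")
PDF_EMBED_TOKEN = b"/EmbeddedFile"


def triage_message(raw: bytes) -> dict:
    """Return the X-Originating-IP and the reasons each attachment is suspicious."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        data = part.get_payload(decode=True) or b""
        if ext in RISKY_EXTENSIONS:
            findings.append((name, f"risky extension {ext}"))
        # Trust the magic bytes, not the filename, to decide what is a PDF.
        if data.lstrip()[:5] == b"%PDF-":
            has_js = any(t in data for t in PDF_SCRIPT_TOKENS)
            if has_js and PDF_EMBED_TOKEN in data:
                findings.append((name, "PDF with JavaScript and embedded file"))
    return {"x_originating_ip": msg.get("X-Originating-IP"), "findings": findings}


def build_sample() -> bytes:
    """Constructed test message; addresses, names and bytes are placeholders."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["X-Originating-IP"] = "[192.0.2.10]"
    msg.set_content("Statement attached.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="invoice.wiz")
    pdf = b"%PDF-1.4\n1 0 obj << /S /JavaScript /JS (x) >>\n2 0 obj << /Type /EmbeddedFile >>\n"
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="booking.pdf")
    msg.add_attachment(b"%PDF-1.4\n1 0 obj << /Type /Catalog >>\n",
                       maintype="application", subtype="pdf", filename="clean.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage_message(build_sample()))
```

Messages that share an X-Originating-IP value can be grouped to tie new attachment types back to an earlier campaign, which is how the article says the link to the .IQY spam was made.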


Categories: Cybersecurity, Malware, News

Tagged as: Cybersecurity, Malware, Spam Email


Published by Marlet D. Salazar

Marlet Salazar is a technology writer with 20 years of experience in the media industry. T: @marletds LinkedIn: /marletsalazar/
