Back End News

Enterprise and Consumer Technology

Thursday, October 5th, 2023


Trend Micro discovers spam campaign delivering malware to emails connected with banks

By Marlet D. Salazar on September 7, 2018

Cybersecurity and defense company Trend Micro recently discovered a spam campaign that targets emails connected with banks. The malware downloader is disguised with a file extension most banks use: .WIZ, or Wizard files, which financial institutions use to send billing statements.

In its article, Trend Micro said its security researchers detected the .WIZ file as W2KM_DLOADER.WIZ and a .PDF file as PDF_MDROP.E. These two then drop a backdoor payload that spreads the malware.

The backdoor can execute commands including “PowerShell and file system commands, code injection, uploading and downloading files, and using and purging Kerberos tickets, among others.” It can also steal information stored on the victim’s computer such as “computer name, IP address, OS system, and username, and malware process ID.”

The files trick the users into performing “intricate or repetitive documents or tasks in Microsoft programs” once they access the malicious .WIZ files.

Threat actors attach a fake invoice with a .WIZ file extension, just as banks send statements and billings. Unsuspecting users will, of course, click on the attachment to see their monthly statement, and when they do, they unknowingly download the payload onto their network system.

With the .PDF file extension, criminals send bogus flight booking information. When users open the malicious file, “the JavaScript inside opens an embedded .PUB file. The .PUB file hosts malicious macros that will then download a portable executable file from a malicious website.”

After further analysis, Trend Micro researchers found that the .WIZ and .PUB spam email attachments had the same malicious macro.

According to the Trend Micro researchers, the so-called malspam has links to another downloader called Marap, which has “modular features that allow cybercriminals to download other modules and payloads on affected machines.” They said the two have identical X-Originating-IP, but while the older spam used an .IQY extension, the latest one uses .WIZ and .PDF.

Trend Micro reports that users hit by this spam campaign reside in India, Italy, and Taiwan.
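A mail-gateway triage check for the attachment types and the X-Originating-IP link described above, as an added example that is not Trend Micro's or this article's code. The function names, the PDF marker list and the sample messages (built with documentation IP addresses) are constructed assumptions.

```python
import os
from collections import defaultdict
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions the article names for this campaign and the older one.
RISKY_EXTENSIONS = {".wiz", ".pub", ".iqy"}
# Assumption: raw byte scan for PDF names; obfuscated or compressed objects are missed.
PDF_MARKERS = (b"/JavaScript", b"/EmbeddedFile")

def scan_message(raw):
    """Return (X-Originating-IP, findings) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    origin = str(msg.get("X-Originating-IP", "")).strip().strip("[]")
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        data = part.get_payload(decode=True) or b""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"{name}: risky extension {ext}")
        elif ext == ".pdf" or data.startswith(b"%PDF"):
            findings += [f"{name}: PDF contains {m.decode()}"
                         for m in PDF_MARKERS if m in data]
    return origin, findings

def cluster_by_origin(raw_messages):
    """Group flagged messages by X-Originating-IP to link related spam runs."""
    clusters = defaultdict(list)
    for raw in raw_messages:
        origin, findings = scan_message(raw)
        if findings:
            clusters[origin].extend(findings)
    return dict(clusters)

def build_sample(origin_ip, filename, data):
    """Constructed message for the demo; not a real campaign sample."""
    m = EmailMessage()
    m["X-Originating-IP"] = f"[{origin_ip}]"
    m.set_content("See attached.")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

SAMPLES = [build_sample("192.0.2.10", "invoice.wiz", b"constructed"),
           build_sample("192.0.2.10", "booking.pdf", b"%PDF-1.4\n/JavaScript /EmbeddedFile"),
           build_sample("198.51.100.7", "notes.pdf", b"%PDF-1.4\nconstructed, no markers")]

if __name__ == "__main__":
    print(cluster_by_origin(SAMPLES))
```

Flagged messages that share an originating IP land in one cluster, which is the same kind of linkage the researchers used to tie the .WIZ/.PDF run to the earlier .IQY spam.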


Categories: News

Tagged as: Cybersecurity, Malware, Spam Email


Copyright 2018-2023 Back End News
