Computer hackers are now using fake bank transfer emails to distribute various types of malware, including ransomware and keyloggers, to predefined targets.
Fake Bank Transfer Emails Come in Attack Waves
Security experts recently detected a spam campaign that spreads malware via fake bank transfer emails. The campaign was discovered by Cyren researchers, and the end results can be very damaging to the victims. The attack relies on social engineering tricks that aim to infect the victims with dangerous viruses. The messages claim that the victims have received a money deposit, or that they contain information related to various types of financial operations. The spam messages are sent from a botnet located in the United States and Singapore. Branding images and patterns of various banks are used, including Emirates NBD and DBS. The financial subjects include the following:
- Online wire transfer payment notification
- Payment update
- Swift copy
Each spam message includes an attachment whose file name contains a variation of “Swift”. Example file names include swift copy.zip, swift_copy.pdf.gz or swift copy_pdf.ace. This is a reference to the SWIFT codes, which are used to identify financial institutions and banks globally.
If the attachments are executed, a file called filename.vbs is created in the Windows startup folder. This ensures that it will run every time the computer is powered on. This script calls the installed malware on the machine, which is located in the AppData\Local\Temp folder and disguised as filename.exe. After the persistent environment is created, the attachment file automatically deletes itself.
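A defensive check for the persistence pattern described above, as an added example that is not from the original article or from the researchers' analysis: it lists Startup-folder scripts that launch an executable from AppData\Local\Temp. The script extensions, the regular expression and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Script types that Windows runs automatically when placed in a Startup folder.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}

# An .exe path under AppData\Local\Temp, written literally or via %TEMP% / %LOCALAPPDATA%.
TEMP_EXE = re.compile(
    r"(?:%temp%|%tmp%|%localappdata%\\temp|appdata\\local\\temp)\\[^\"'\r\n]*?\.exe",
    re.IGNORECASE,
)

def read_script(path):
    """Decode a script file; wscript accepts both ANSI and UTF-16 files."""
    raw = path.read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def find_temp_launchers(startup_dir):
    """Return (script name, exe path) for each startup script that references an exe in Temp."""
    hits = []
    for path in sorted(Path(startup_dir).iterdir()):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTS:
            for match in TEMP_EXE.finditer(read_script(path)):
                hits.append((path.name, match.group(0)))
    return hits

def demo():
    """Run the check over a constructed Startup folder (sample files, not real malware)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "filename.vbs").write_text(
            'CreateObject("WScript.Shell").Run '
            '"C:\\Users\\user\\AppData\\Local\\Temp\\filename.exe", 0\n'
        )
        (root / "backup.vbs").write_text('WScript.Echo "nightly backup done"\n')
        (root / "notes.txt").write_text("AppData\\Local\\Temp\\filename.exe\n")
        return find_temp_launchers(root)

if __name__ == "__main__":
    for script, target in demo():
        print(f"{script}: launches {target}")
```

On a real host, point `find_temp_launchers` at the per-user Startup folder (`%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup`) and treat each hit as a lead to investigate rather than a verdict.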
Upon infection, the malware starts to search the Windows registry for passwords, account credentials and other sensitive information. The virus is able to extract data from software such as FTP clients, web browsers and other related applications which can contain account credentials. In addition, the malware code also searches for any available cryptocurrency (Bitcoin) wallets. The wallets supported by the malware’s engine include the following:
Anoncoin, BBQcoin, Bitcoin, Bytecoin, Craftcoin, Devcoin, Digitalcoin, Fastcoin, Feathercoin, Florincoin, Freicoin, I0coin, Infinitecoin, Ixcoin, Junkcoin, Litecoin, Luckycoin, Megacoin, Mincoin, Namecoin, Phoenixcoin, Primecoin, Quarkcoin, Tagcoin, Terracoin, Worldcoin, Yacoin, and Zetacoin
What is even more dangerous is that this virus also features a built-in keylogger. It can create hooks and capture any mouse and keyboard interaction. You can protect yourself by running a trusted anti-spyware utility that can both remove active infections and protect your computer at all times.