Showing 7 results for: 2018 ×Spam ×

Advanced Deception with BEC Fraud Attacks

Background Business Email Compromise (BEC) email fraud, also known as "CEO Fraud" or "Whaling", has become a major financial cyber threat, affecting businesses of all sizes globally. In such attacks a fraudster impersonates an executive of an organization to trick...

Bank Malspam Revisited

Last week we wrote about some malicious spam containing Microsoft Publisher files, leading to the FlawedAmmyy RAT, where the actors behind the campaign were targeting banks. The same actors have resumed business today, however this time, they embedded the Publisher...

Malicious SettingContent now delivered through PDF

Recently, a proof-of-concept emerged on how the filetype SettingContent can be abused when getting embedded in Microsoft Office Documents. SettingContent is a feature in Windows 10 which acts as a shortcut to different system settings. Legitimate examples of this can...

DanaBot Riding Fake MYOB Invoice Emails

Authors: Dr. Fahim Abbasi and Diana Lopera We recently observed phishing emails targeting Australian customers with fake MYOB invoices. Instead of the usual HTTP links, these emails were ridden with FTP links pointing to compromised FTP servers. While most of...

Fake ASIC Renewal Spam Delivers Malware to Australian Companies

The Australian Securities and Investment Commission (ASIC) is an independent government agency that is Australia's corporate, market and financial services regulator. ASIC provides several services including registration services for Australian companies. Opportunist Scammers taking advantage of the new year, leveraged...

Multi-Stage Email Word Attack Without Macros

Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from...