Reefa Posted January 15, 2014

A piece of malware identified by MX Lab as Gen:Variant.Strictor.49180 (Upatre) is being distributed with the aid of at least two different spam runs.

The first one relies on fake ADP invoice emails that purport to come from [email protected]. The bogus notifications read something like this:

“Attached is the invoice (Invoice_ADP_3164342.zip) received from your bank. Please print this label and fill in the requested information. Once you have filled out all the information on the form please send it to [email protected]. For more details please see the attached file.”

The attached file is not an invoice, but a piece of malware.

For the second campaign, cybercriminals are abusing the name of Fiserv, a company that provides financial services technology. The emails carry the subject line “FW: Scanned Document Attached” and they read something like this:

“Protecting the privacy and security of client, company, and employee information is one of our highest priorities. That is why Fiserv has introduced the Fiserv Secure E-mail Message Center – a protected e-mail environment designed to keep sensitive and confidential information safe. In this new environment, Fiserv will be able to send e-mail messages that you retrieve on a secured encrypted file. You have an important message from [email protected]. To see your message, use the following password to decrypt attached file: JkSIbsJPPai”

The same piece of malware is attached to these emails as well. The threat is disguised as a file called “FSEMC.Debra_Drake.zip.”

At the time of writing, most antivirus engines are capable of detecting the threat, so make sure your security solution is up to date. Other antivirus engines detect Gen:Variant.Strictor.49180 as Gen:Variant.Zusy.79270 (Bitdefender), Win32/TrojanDownloader.Waski.A (ESET), Spyware.ZeuS (Malwarebytes), TrojanDownloader:Win32/Upatre.A (Microsoft) and Trojan.Zbot (Symantec).

The threat is designed to download additional malware, such as the ZeuS banking Trojan, to infected machines.

Source
mariacanet Posted January 15, 2014

Thanks for the heads-up.