Fraudulent German Invoice Notification Contains Malware
Spam Blocking Date/Time: 07 Feb 2013 09:12:00 AM GMT-8

Bogus invoices remain an effective social engineering tactic, as their continued use shows. Recently, we spotted a spammed message written in German that purports to be a notification. It informs users that their invoice is contained in the attached .ZIP file. When users open the attachment, it executes malware detected as TSPY_BEBLOH.MJM. This spyware steals information such as the IP address, OS version, hardware ID, and SOCKS port, among others. It also monitors websites related to financial institutions and steals FTP credentials on the infected system.

Trend Micro protects users from this threat via its Smart Protection Network, which detects the spam and the malicious file.

Analysis By: Neil Yves Pondo
