Webroot observed a new malicious spam campaign that is targeting windows user. The phishing email is tricking user about receiving legitimate ‘Gift Card’ worth $200 but what is interesting that cybercriminals this time are not only attaching the malware but also including link to the malicious page, this to make sure that victim may not escape from executing the exploit.
The email state:“ Dear client! You got our $200 Apple Store Gift Card. Apple Store Gift Cards can be used to buy Apple hardware and accessories at any Apple Retail Store, the Apple Online Store, or over the phone by calling 1-800-MY-APPLE. Please click the link or look at the attachment to obtain the Apple Store Gift Card code.”
The attachment contains a zeus bot malware that steal sensitive information and turns victim computer to be a part of a botnet allowing attacker to send configurations or instructions to victims computer. This type of malware is widely used by cybercriminal as it can be generated using a special toolkit available at the black market.
The included link leads to a second malware which is a secret malicious Trojan that runs without user knowledge and allows remote access to the PC for cyber criminals. This malware uses various files that exploit vulnerabilities in Java. When it infects your system, hackers could gain access to personal information such as passwords or folders. The malware is able to block some programs from running, to make users think that their PC is at high risk.